
Commit b30bc86

IMA: measure.policy: limit dont_measure tmpfs policy to func=FILE_CHECK
add func=FILE_CHECK to dont_measure tmpfs

Similarly to tcb.policy limit dont_measure tmpfs policy to func=FILE_CHECK. This allows to do extra measurements, e.g. kexec boot command line, see kernel commit 7eef7c8bac9a ("ima: limit the builtin 'tcb' dont_measure tmpfs policy rule")

Also remove leading 0 from tmpfs magic (to match IMA docs and tcb.policy).

Link: https://lore.kernel.org/ltp/[email protected]/
Suggested-by: Mimi Zohar <[email protected]>
Reviewed-by: Mimi Zohar <[email protected]>
Signed-off-by: Petr Vorel <[email protected]>
1 parent a5c4714 commit b30bc86

testcases/kernel/security/integrity/ima/datafiles/ima_policy/measure.policy

@@ -8,7 +8,7 @@ dont_measure fsmagic=0x62656572
88
# DEBUGFS_MAGIC
99
dont_measure fsmagic=0x64626720
1010
# TMPFS_MAGIC
11-
dont_measure fsmagic=0x01021994
11+
dont_measure fsmagic=0x1021994 func=FILE_CHECK
1212
# SECURITYFS_MAGIC
1313
dont_measure fsmagic=0x73636673
1414
measure func=FILE_MMAP mask=MAY_EXEC
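
Review bot: the `# TMPFS_MAGIC` comment above the changed rule no longer describes what the rule does, because with `func=FILE_CHECK` added the exemption covers only that hook and tmpfs files now fall through to the later `measure func=FILE_MMAP mask=MAY_EXEC` rule. Suggest extending the comment to say the rule is limited to FILE_CHECK on purpose and to name kernel commit 7eef7c8bac9a, so a reader comparing it with the unrestricted DEBUGFS_MAGIC and SECURITYFS_MAGIC rules next to it does not take the difference for an oversight. Dropping the leading zero (`0x01021994` to `0x1021994`) leaves the value unchanged, so that part is cosmetic and fine to keep in the same line change since the commit message calls it out.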
