On Thu, 2021-01-07 at 20:07 -0800, Tushar Sugandhi wrote: > Integrity critical data may belong to a single subsystem or it may > arise from cross subsystem interaction. Currently there is no mechanism > to group or limit the data based on certain label. Limiting and > grouping critical data based on a label would make it flexible and > configurable to measure. > > Define "label:=", a new IMA policy condition, for the IMA func > CRITICAL_DATA to allow grouping and limiting measurement of integrity > critical data. > > Limit the measurement to the labels that are specified in the IMA > policy - CRITICAL_DATA+"label:=". If "label:=" is not provided with > the func CRITICAL_DATA, measure all the input integrity critical data. > > Signed-off-by: Tushar Sugandhi <tusha...@linux.microsoft.com> > Reviewed-by: Tyler Hicks <tyhi...@linux.microsoft.com>
This is looking a lot better. thanks, Mimi
