On Thu, 2013-11-07 at 15:00 +0100, Roberto Sassu wrote:
> Hi everyone
>
> currently accepted patches for the new template management mechanism allow to
> choose among a list of supported templates, statically defined in the code.
> This functionality is not flexible enough as users may want to include
> in their measurements list only information needed and not use predefined
> combinations.
>
> For this reason, this patch set introduces the new kernel command line
> parameter 'ima_template_fmt' to specify a custom template format at boot time,
> i.e. a string of template fields identifiers concatenated with the '|'
> separator character. The complete list of defined template fields can be
> found in Documentation/security/IMA-templates.txt.
>
> The format string is checked at the very beginning in the setup function
> ima_template_fmt_setup() so that, if it is wrong, IMA can go back to the
> default template, selected through a kernel configuration option.
>
> To allow userspace tools parse a measurements list with a custom format, IMA
> provides as template name the same format string provided by users at boot
> time, so that tools know which information are included in an entry and extract
> them if they can handle listed template fields.
>
> Roberto Sassu

Cool, this is a really nice patchset!

Signed-off-by: Mimi Zohar <zo...@us.ibm.com>

>
> Roberto Sassu (4):
>   ima: added error messages to template-related functions
>   ima: make a copy of template_fmt in template_desc_init_fields()
>   ima: display template format in meas. list if template name length is zero
>   ima: added support for new kernel cmdline parameter ima_template_fmt
>
>  Documentation/kernel-parameters.txt      |  4 ++
>  Documentation/security/IMA-templates.txt | 29 +++++++------
>  security/integrity/ima/ima_fs.c          | 18 ++++++--
>  security/integrity/ima/ima_template.c    | 71 ++++++++++++++++++++++++++++++--
>  4 files changed, 100 insertions(+), 22 deletions(-)
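
The boot-time check described in the cover letter, as an added example that is not part of this thread or of the kernel patches: a userspace C sketch that validates an ima_template_fmt string and falls back to a default template name when the string is wrong. The field identifiers (d, n, d-ng, n-ng), the function names and the sample default "ima-ng" are assumptions; the thread only points to Documentation/security/IMA-templates.txt for the field list.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field identifiers; the thread defers to IMA-templates.txt. */
static const char *const known_fields[] = { "d", "n", "d-ng", "n-ng" };

/* Exact-length match, so "d-n" does not pass as a prefix of "d-ng". */
static int field_known(const char *id, size_t len)
{
    size_t i;

    for (i = 0; i < sizeof(known_fields) / sizeof(known_fields[0]); i++)
        if (strlen(known_fields[i]) == len &&
            memcmp(id, known_fields[i], len) == 0)
            return 1;
    return 0;
}

/* Return the number of fields in fmt, or -1 if fmt is empty, contains an
 * empty field ("d||n", trailing '|') or names an unknown field.
 * The input is scanned in place and never modified. */
int check_template_fmt(const char *fmt)
{
    int count = 0;

    if (fmt == NULL || *fmt == '\0')
        return -1;
    for (;;) {
        size_t len = strcspn(fmt, "|");  /* length up to '|' or end */

        if (!field_known(fmt, len))      /* len == 0 is rejected here */
            return -1;
        count++;
        if (fmt[len] == '\0')
            return count;
        fmt += len + 1;                  /* skip past the separator */
    }
}

/* Name a measurement list would carry: the format string itself when it is
 * valid, otherwise the caller-supplied default (hypothetical helper). */
const char *effective_template(const char *fmt, const char *default_name)
{
    return check_template_fmt(fmt) > 0 ? fmt : default_name;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("%s\n", effective_template("d-ng|n-ng", "ima-ng"));
    printf("%s\n", effective_template("d-ng|bogus", "ima-ng"));
    return 0;
}
```

A userspace parser can run the same check on the template name it reads from a measurement list before it tries to decode the fields of an entry.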