projects / cascardo / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8265a2f) | patch
ima: skip measurement of cgroupfs files and update documentation
authorRoberto Sassu <rsassu@suse.de>
Sat, 11 Apr 2015 15:13:06 +0000 (17:13 +0200)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 21 May 2015 17:27:19 +0000 (13:27 -0400)
commit6438de9f3fb5180d78a0422695d0b88c687757d3
tree7053e30fd3a02863800f6234b15babe0329d1f20tree | snapshot
parent8265a2f89c8ecf526931951fa240982d1f438736commit | diff
ima: skip measurement of cgroupfs files and update documentation

This patch adds a rule in the default measurement policy to skip inodes
in the cgroupfs filesystem. Measurements for this filesystem can be
avoided, as all the digests collected have the same value of the digest of
an empty file.

Furthermore, this patch updates the documentation of IMA policies in
Documentation/ABI/testing/ima_policy to make it consistent with
the policies set in security/integrity/ima/ima_policy.c.

Signed-off-by: Roberto Sassu <rsassu@suse.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Documentation/ABI/testing/ima_policy diff | blob | history
security/integrity/ima/ima_policy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.