linux_dsm_epyc7002/Documentation
Mimi Zohar 9e67028e76 ima: fail signature verification based on policy
This patch addresses the fuse privileged mounted filesystems in
environments which are unwilling to accept the risk of trusting the
signature verification and want to always fail safe, but are for example
using a pre-built kernel.

This patch defines a new builtin policy named "fail_securely", which can
be specified on the boot command line as an argument to "ima_policy=".

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-03-23 06:31:37 -04:00
..
ABI IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
accelerators ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL 2018-03-02 13:02:15 +11:00
accounting
acpi ACPI / LPIT: Add Low Power Idle Table (LPIT) support 2017-10-11 15:38:10 +02:00
admin-guide ima: fail signature verification based on policy 2018-03-23 06:31:37 -04:00
aoe
arm ARM: sunxi: add support for R40 SoC 2017-09-22 21:57:09 +02:00
arm64 arm64 updates for 4.16: 2018-01-30 13:57:43 -08:00
auxdisplay
backlight
blackfin
block block, bfq: move debug blkio stats behind CONFIG_DEBUG_BLK_CGROUP 2017-11-14 20:13:33 -07:00
blockdev SCSI misc on 20170907 2017-09-07 21:11:05 -07:00
bpf bpf: add documentation to compare clang "-target bpf" and default target 2018-02-02 11:14:19 +01:00
bus-devices
cdrom documentation: Update ide-cd documentation to reflect CONFIG_BLK_DEV_HD_IDE removal 2017-10-12 11:25:31 -06:00
cgroup-v1 Documentation: Fix 'file_mapped' -> 'mapped_file' 2018-01-30 09:52:11 -08:00
cma
connector
console
core-api idr: Add documentation 2018-02-06 16:41:29 -05:00
cpu-freq cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx() 2018-02-08 10:21:39 +01:00
cpuidle
cris
crypto crypto: doc - adapt api sample to use async. op wait 2017-11-03 22:11:23 +08:00
dev-tools Kbuild misc updates for v4.15 2017-11-17 17:51:33 -08:00
device-mapper dm cache: Documentation: update default migration_throttling value 2018-01-30 16:55:47 -05:00
devicetree USB fixes for 4.16-rc6 2018-03-14 10:05:59 -07:00
doc-guide scripts: kernel-doc: parse next structs/unions 2017-12-21 13:41:46 -07:00
driver-api s390/docs: reword airq section 2018-02-02 10:47:15 +01:00
driver-model serdev: Introduce devm_serdev_device_open() 2018-01-08 10:08:34 +00:00
early-userspace Documentation: Fix dead URLs to ftp.kernel.org 2017-03-29 15:46:06 -06:00
EDID drm: use .hword to represent 16-bit numbers 2017-03-30 10:15:19 +02:00
extcon extcon: Remove porting compatibility of swich class 2017-04-06 10:55:24 +09:00
fault-injection Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
fb documentation: fb: update list of available compiled-in fonts 2017-11-08 03:39:52 -07:00
features membarrier-sync-core: Document architecture support 2018-02-10 12:45:10 +01:00
filesystems afs: Support the AFS dynamic root 2018-02-06 14:43:37 +00:00
firmware_class
fmc
fpga fpga: mgr: separate getting/locking FPGA manager 2017-11-28 16:30:37 +01:00
frv
gpio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-02-01 10:49:58 -08:00
gpu Fixes for 4.16. I contains fixes for deadlock on runtime suspend on few 2018-02-22 08:39:26 +10:00
hid Documentation: fix input related doc refs 2017-10-12 11:14:06 -06:00
hwmon hwmon: (pmbus/max31785) Add dual tachometer support 2018-01-02 15:05:34 -08:00
i2c i2c: i801: Add missing documentation entries for Braswell and Kaby Lake 2018-02-21 09:17:20 +01:00
ia64 ia64: doc: tweak whitespace for 'console=' parameter 2018-03-05 14:41:38 -08:00
ide
iio iio: adc: New driver for Cirrus Logic EP93xx ADC 2017-07-25 19:56:23 +01:00
infiniband IB: Update references to libibverbs 2018-02-04 11:56:49 -05:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-02-01 10:49:58 -08:00
ioctl ocxl: Documentation 2018-01-27 20:02:24 +11:00
isdn
kbuild Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
kdump kexec/kdump: minor Documentation updates for arm64 and Image 2017-07-12 16:26:00 -07:00
kernel-hacking Documentation: Fix misconversion of #if 2018-01-17 16:45:01 -07:00
laptops Documentation: fix admin-guide doc refs 2017-10-12 11:13:28 -06:00
leds Documentation: leds: Update 00-INDEX file 2017-10-23 20:17:03 +02:00
lightnvm lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
livepatch livepatch: Remove immediate feature 2018-01-11 10:58:03 +01:00
locking Documentation/locking/mutex-design: Update to reflect latest changes 2018-02-11 12:28:58 +01:00
m68k
maintainer docs: Add an intro note to the maintainers handbook 2017-12-11 14:46:10 -07:00
md raid5-ppl: PPL support for disks with write-back cache enabled 2018-01-15 14:29:42 -08:00
media media: dvb: add continuity error indicators for memory mapped buffers 2018-02-23 05:28:41 -05:00
memory-devices
metag
mic
mips Documentation: mips: Update AU1xxx_IDE Kconfig dependencies 2018-02-01 12:45:35 -07:00
misc-devices Documentation: misc-devices: Add Documentation for pci-endpoint-test driver 2017-04-28 10:23:19 -05:00
mmc MMC core: 2017-05-02 17:34:32 -07:00
mn10300
mtd mtd: spi-nor: add an API to restore the status of SPI flash chip 2017-12-13 00:36:00 +01:00
namespaces
netlabel
networking docs: segmentation-offloads.txt: add SCTP info 2018-02-14 14:52:39 -05:00
nfc
nios2
nvdimm
nvmem NVMEM documentation fix: A minor typo 2017-08-24 13:31:58 -06:00
openrisc Documentation: openrisc: Updates to README 2017-10-30 21:37:53 +09:00
parisc
PCI PCI: Update location of pci.ids file 2018-02-22 15:00:43 -06:00
pcmcia
perf perf: ARM DynamIQ Shared Unit PMU support 2018-01-02 16:43:12 +00:00
phy
platform
power regulator: Changes for v4.16 2018-01-29 11:32:44 -08:00
powerpc powerpc updates for 4.13 2017-07-07 13:55:45 -07:00
pps drivers/pps: aesthetic tweaks to PPS-related content 2017-09-08 18:26:51 -07:00
process A few late-arriving fixes, along with Konstantin's PGP document that had 2018-02-07 09:42:59 -08:00
pti
ptp
rapidio
RCU Merge branches 'cond_resched.2017.12.04a', 'dyntick.2017.11.28a', 'fixes.2017.12.11a', 'srbd.2017.12.05a' and 'torture.2017.12.11a' into HEAD 2017-12-11 09:21:58 -08:00
s390 docs: add documentation for vfio-ccw 2017-03-31 12:55:11 +02:00
scheduler sched/deadline: Fix the description of runtime accounting in the documentation 2017-11-16 09:00:35 +01:00
scsi scsi: documentation: Fix case of 'scsi_device' struct mention(s) 2017-12-02 08:43:43 -07:00
security Documentation: security/credentials.rst: explain need to sort group_list 2018-01-08 14:20:31 -07:00
serial tty: n_gsm: do not send/receive in ldisc close path 2017-06-03 18:48:52 +09:00
sh docs-rst: convert sh book to ReST 2017-05-16 08:44:18 -03:00
sound sound updates for 4.15-rc1 2017-11-14 18:01:46 -08:00
sparc sparc64: Oracle DAX driver 2018-01-22 08:17:16 -08:00
sphinx Documentation/sphinx: Fix Directive import error 2018-03-09 10:46:14 -07:00
sphinx-static docs RTD theme: code-block with line nos - lines and line numbers don't line up. 2017-07-17 13:48:45 -06:00
spi spi: Document SPI slave controller support 2017-05-26 13:11:00 +01:00
sysctl Documentation/sysctl/user.txt: fix typo 2018-02-06 18:32:48 -08:00
target Documentation/target: add an example script to configure an iSCSI target 2017-05-01 22:21:35 -07:00
thermal cpu_cooling: Remove static-power related documentation 2018-01-03 13:11:48 +01:00
timers docs: highres: fix broken urls 2017-09-26 14:58:23 -06:00
trace docs: ftrace-uses.rst fix varios code-block directives 2017-12-21 13:39:31 -07:00
translations Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk 2018-02-01 13:36:15 -08:00
usb Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
userspace-api seccomp: Implement SECCOMP_RET_KILL_PROCESS action 2017-08-14 13:46:50 -07:00
virtual KVM: x86: Add a framework for supporting MSR-based features 2018-03-01 19:00:28 +01:00
vm Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog documentation: watchdog: remove documentation of w83697hf_wdt/w83697ug_wdt 2018-02-03 11:09:54 +01:00
wimax
x86 Documentation, x86, resctrl: Make text and sample command match 2018-02-28 19:59:05 +01:00
xtensa xtensa: add support for KASAN 2017-12-16 22:37:12 -08:00
.gitignore
00-INDEX docs: get rid of kernel-doc-nano-HOWTO.txt 2017-12-21 13:41:46 -07:00
atomic_bitops.txt locking/atomic/bitops: Document and clarify ordering semantics for failed test_and_{}_bit() 2018-02-13 14:55:53 +01:00
atomic_t.txt Documentation/locking/atomic: Finish the document... 2017-08-25 11:06:33 +02:00
bcache.txt bcache.txt: standardize document format 2017-07-14 13:51:27 -06:00
bt8xxgpio.txt bt8xxgpio.txt: standardize document format 2017-07-14 13:51:27 -06:00
btmrvl.txt btmrvl.txt: standardize document format 2017-07-14 13:51:27 -06:00
bus-virt-phys-mapping.txt bus-virt-phys-mapping.txt: standardize document format 2017-07-14 13:51:28 -06:00
cachetlb.txt cachetlb.txt: standardize document format 2017-07-14 13:51:28 -06:00
cgroup-v2.txt cgroup, docs: document the root cgroup behavior of cpu and io controllers 2018-01-16 08:07:09 -08:00
Changes
circular-buffers.txt doc: De-emphasize smp_read_barrier_depends 2017-12-05 11:57:53 -08:00
clearing-warn-once.txt kernel debug: support resetting WARN*_ONCE 2017-11-17 16:10:00 -08:00
clk.txt clk.txt: standardize document format 2017-07-14 13:51:29 -06:00
CodingStyle
conf.py docs: Remove "could not extract kernel version" warning 2017-12-11 15:20:04 -07:00
cpu-load.txt cpu-load: standardize document format 2017-07-14 13:51:30 -06:00
cputopology.txt cputopology.txt: standardize document format 2017-07-14 13:51:30 -06:00
crc32.txt crc32.txt: standardize document format 2017-07-14 13:51:30 -06:00
dcdbas.txt dcdbas.txt: standardize document format 2017-07-14 13:51:31 -06:00
debugging-modules.txt
debugging-via-ohci1394.txt debugging-via-ohci1394.txt: standardize document format 2017-07-14 13:51:34 -06:00
dell_rbu.txt dell_rbu.txt: standardize document format 2017-07-14 13:58:12 -06:00
digsig.txt digsig.txt: standardize document format 2017-07-14 13:51:31 -06:00
DMA-API-HOWTO.txt DMA-API-HOWTO.txt: standardize document format 2017-07-14 13:51:32 -06:00
DMA-API.txt dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags 2017-09-01 11:59:17 +02:00
DMA-attributes.txt DMA-attributes.txt: standardize document format 2017-07-14 13:51:33 -06:00
DMA-ISA-LPC.txt DMA-ISA-LPC.txt: standardize document format 2017-07-14 13:51:33 -06:00
docutils.conf
dontdiff Remove gperf usage from toolchain 2017-08-19 11:02:53 -07:00
efi-stub.txt efi-stub.txt: standardize document format 2017-07-14 13:51:34 -06:00
eisa.txt eisa.txt: standardize document format 2017-07-14 13:51:34 -06:00
flexible-arrays.txt flexible-arrays.txt: standardize document format 2017-07-14 13:51:35 -06:00
futex-requeue-pi.txt futex-requeue-pi.txt: standardize document format 2017-07-14 13:51:35 -06:00
gcc-plugins.txt gcc-plugins.txt: standardize document format 2017-07-14 13:51:36 -06:00
highuid.txt highuid.txt: standardize document format 2017-07-14 13:51:36 -06:00
hw_random.txt hw_random.txt: standardize document format 2017-07-14 13:51:37 -06:00
hwspinlock.txt hwspinlock.txt: standardize document format 2017-07-14 13:51:37 -06:00
index.rst Documentation: Add license-rules.rst to describe how to properly identify file licenses 2018-01-06 10:58:02 -07:00
intel_txt.txt intel_txt.txt: standardize document format 2017-07-14 13:51:38 -06:00
Intel-IOMMU.txt Intel-IOMMU.txt: standardize document format 2017-07-14 13:51:38 -06:00
io_ordering.txt io_ordering.txt: standardize document format 2017-07-14 13:51:39 -06:00
io-mapping.txt io-mapping.txt: standardize document format 2017-07-14 13:51:38 -06:00
iostats.txt iostats.txt: update it to cover recent Kernels 2017-07-14 13:51:40 -06:00
IPMI.txt ipmi: Make IPMI panic strings always available 2017-09-27 16:03:45 -05:00
IRQ-affinity.txt IRQ-affinity.txt: standardize document format 2017-07-14 13:51:41 -06:00
IRQ-domain.txt irqdomain: Kill CONFIG_IRQ_DOMAIN_DEBUG 2018-01-24 12:32:58 +01:00
IRQ.txt IRQ.txt: add a markup for its title 2017-07-14 13:51:42 -06:00
irqflags-tracing.txt irqflags-tracing.txt: standardize document format 2017-07-14 13:51:42 -06:00
isa.txt isa.txt: standardize document format 2017-07-14 13:51:43 -06:00
isapnp.txt isapnp.txt: promote title level 2017-07-14 13:51:43 -06:00
kernel-per-CPU-kthreads.txt kernel-per-CPU-kthreads.txt: standardize document format 2017-07-14 13:51:43 -06:00
kobject.txt kobject.txt: standardize document format 2017-07-14 13:51:44 -06:00
kprobes.txt kprobes/docs: Remove jprobes related documents 2017-10-20 11:02:55 +02:00
kref.txt kref.txt: standardize document format 2017-07-14 13:51:45 -06:00
ldm.txt ldm.txt: standardize document format 2017-07-14 13:51:45 -06:00
lockup-watchdogs.txt lockup-watchdogs.txt: standardize document format 2017-07-14 13:51:46 -06:00
logo.gif
logo.txt
lsm.txt docs-rst: convert lsm from DocBook to ReST 2017-05-16 08:44:19 -03:00
lzo.txt lzo.txt: standardize document format 2017-07-14 13:51:46 -06:00
mailbox.txt mailbox.txt: standardize document format 2017-07-14 13:51:47 -06:00
Makefile Documentation: add script and build target to check for broken file references 2017-10-12 11:07:42 -06:00
memory-barriers.txt doc: De-emphasize smp_read_barrier_depends 2017-12-05 11:57:53 -08:00
memory-hotplug.txt memory-hotplug.txt: standardize document format 2017-07-14 13:57:53 -06:00
men-chameleon-bus.txt men-chameleon-bus.txt: standardize document format 2017-07-14 13:57:54 -06:00
nommu-mmap.txt nommu-mmap.txt: don't use all upper case on titles 2017-07-14 13:57:55 -06:00
ntb.txt This series converts a number of top-level documents to the RST format 2017-07-15 12:58:58 -07:00
numastat.txt numastat.txt: standardize document format 2017-07-14 13:57:56 -06:00
padata.txt padata.txt: standardize document format 2017-07-14 13:57:56 -06:00
parport-lowlevel.txt parport-lowlevel.txt: standardize document format 2017-07-14 13:57:57 -06:00
percpu-rw-semaphore.txt percpu-rw-semaphore.txt: standardize document format 2017-07-14 13:57:58 -06:00
phy.txt phy.txt: standardize document format 2017-07-14 13:57:58 -06:00
pi-futex.txt Documentation: fix locking rt-mutex doc refs 2017-10-19 12:56:44 -06:00
pnp.txt pnp.txt: standardize document format 2017-07-14 13:57:59 -06:00
preempt-locking.txt preempt-locking.txt: standardize document format 2017-07-14 13:58:00 -06:00
pwm.txt pwm: Standardize document format 2017-07-06 08:23:30 +02:00
rbtree.txt rbtree: cache leftmost node internally 2017-09-08 18:26:48 -07:00
remoteproc.txt remoteproc.txt: standardize document format 2017-07-14 13:58:02 -06:00
rfkill.txt rfkill.txt: standardize document format 2017-07-14 13:58:02 -06:00
robust-futex-ABI.txt robust-futex-ABI.txt: standardize document format 2017-07-14 13:58:03 -06:00
robust-futexes.txt robust-futexes.txt: standardize document format 2017-07-14 13:58:03 -06:00
rpmsg.txt rpmsg.txt: standardize document format 2017-07-14 13:58:04 -06:00
rtc.txt Documentation: rtc: move iotcl interface documentation to ABI 2018-01-12 00:20:41 +01:00
SAK.txt SAK.txt: standardize document format 2017-07-14 13:58:04 -06:00
sgi-ioc4.txt sgi-ioc4.txt: standardize document format 2017-07-14 13:58:05 -06:00
siphash.txt siphash.txt: standardize document format 2017-07-14 13:58:06 -06:00
SM501.txt SM501.txt: standardize document format 2017-07-14 13:58:06 -06:00
smsc_ece1099.txt smsc_ece1099.txt: standardize document format 2017-07-14 13:58:07 -06:00
speculation.txt Documentation: Document array_index_nospec 2018-01-30 21:54:28 +01:00
static-keys.txt jump_label: Provide hotplug context variants 2017-08-10 12:28:59 +02:00
SubmittingPatches
svga.txt documentation/svga.txt: update outdated file 2017-11-20 10:45:50 -07:00
switchtec.txt NTB: switchtec_ntb: Update switchtec documentation with notes for NTB 2017-11-18 20:37:13 -05:00
sync_file.txt sync_file.txt: standardize document format 2017-05-24 13:01:27 -03:00
tee.txt tee.txt: standardize document format 2017-07-14 13:58:14 -06:00
this_cpu_ops.txt this_cpu_ops.txt: standardize document format 2017-07-14 13:58:08 -06:00
unaligned-memory-access.txt unaligned-memory-access.txt: standardize document format 2017-07-14 13:58:09 -06:00
vfio-mediated-device.txt vfio-mediated-device.txt: standardize document format 2017-07-14 13:58:10 -06:00
vfio.txt vfio.txt: standardize document format 2017-07-14 13:58:10 -06:00
video-output.txt
xillybus.txt xillybus.txt: standardize document format 2017-07-14 13:58:11 -06:00
xz.txt xz.txt: standardize document format 2017-07-14 13:58:11 -06:00
zorro.txt zorro.txt: standardize document format 2017-07-14 13:58:12 -06:00