linux_dsm_epyc7002/security/integrity/ima
Eric Paris c3d20103d0 IMA: do not measure everything opened by root by default
The IMA default policy measures every single file opened by root.  This is
terrible for most users.  Consider a system (like mine) with virtual machine
images.  When those images are touched (which happens at boot for me) those
images are measured.  This is just way too much for the default case.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-05-15 09:55:44 +10:00
..
ima_api.c integrity: audit update 2009-02-12 09:40:14 +11:00
ima_audit.c IMA: use current_cred() instead of current->cred 2009-05-12 11:06:01 +10:00
ima_crypto.c integrity: ima scatterlist bug fix 2009-02-21 00:29:59 +11:00
ima_fs.c IMA: remove read permissions on the ima policy file 2009-05-15 09:55:41 +10:00
ima_iint.c integrity: ima iint radix_tree_lookup locking fix 2009-02-23 09:54:53 +11:00
ima_init.c integrity: audit update 2009-02-12 09:40:14 +11:00
ima_main.c IMA: open all files O_LARGEFILE 2009-05-12 11:06:08 +10:00
ima_policy.c IMA: do not measure everything opened by root by default 2009-05-15 09:55:44 +10:00
ima_queue.c integrity: IMA as an integrity service provider 2009-02-06 09:05:30 +11:00
ima.h integrity: audit update 2009-02-12 09:40:14 +11:00
Kconfig ima: fix build error 2009-02-13 09:27:56 +11:00
Makefile integrity: IMA display 2009-02-06 09:05:31 +11:00