linux_dsm_epyc7002/security/integrity
Mimi Zohar f1b08bbcbd ima: define a new policy condition based on the filesystem name
If/when file data signatures are distributed with the file data, this
patch will not be needed.  In the current environment where only some
files are signed, the ability to differentiate between file systems is
needed.  Some file systems consider the file system magic number
internal to the file system.

This patch defines a new IMA policy condition named "fsname", based on
the superblock's file_system_type (sb->s_type) name. This allows policy
rules to be expressed in terms of the filesystem name.

The following sample rules require file signatures on rootfs files
executed or mmap'ed.

appraise func=BPRM_CHECK fsname=rootfs appraise_type=imasig
appraise func=FILE_MMAP fsname=rootfs appraise_type=imasig

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Theodore Ts'o <tytso@mit.edu>
2018-05-22 07:33:53 -04:00
evm EVM: Allow runtime modification of the set of verified xattrs 2018-05-18 15:34:45 -04:00
ima ima: define a new policy condition based on the filesystem name 2018-05-22 07:33:53 -04:00
digsig_asymmetric.c integrity: Small code improvements 2017-06-21 14:37:12 -04:00
digsig.c integrity/security: fix digsig.c build error with header file 2018-02-22 20:09:08 -08:00
iint.c integrity: Add an integrity directory in securityfs 2018-05-17 08:03:07 -04:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h integrity: Add an integrity directory in securityfs 2018-05-17 08:03:07 -04:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00