summaryrefslogtreecommitdiff
path: root/Documentation/kernel-parameters.txt
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2015-06-27 23:26:03 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2015-06-27 23:26:03 +0300
commite22619a29fcdb513b7bc020e84225bb3b5914259 (patch)
tree1d1d72a4c8cebad4f2d2bf738395ca4ececa95ec /Documentation/kernel-parameters.txt
parent78c10e556ed904d5bfbd71e9cadd8ce8f25d6982 (diff)
parentb3bddffd35a0b77eee89760eb94cafa18dc431f5 (diff)
downloadlinux-e22619a29fcdb513b7bc020e84225bb3b5914259.tar.xz
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "The main change in this kernel is Casey's generalized LSM stacking work, which removes the hard-coding of Capabilities and Yama stacking, allowing multiple arbitrary "small" LSMs to be stacked with a default monolithic module (e.g. SELinux, Smack, AppArmor). See https://lwn.net/Articles/636056/ This will allow smaller, simpler LSMs to be incorporated into the mainline kernel and arbitrarily stacked by users. Also, this is a useful cleanup of the LSM code in its own right" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits) tpm, tpm_crb: fix le64_to_cpu conversions in crb_acpi_add() vTPM: set virtual device before passing to ibmvtpm_reset_crq tpm_ibmvtpm: remove unneccessary message level. ima: update builtin policies ima: extend "mask" policy matching support ima: add support for new "euid" policy condition ima: fix ima_show_template_data_ascii() Smack: freeing an error pointer in smk_write_revoke_subj() selinux: fix setting of security labels on NFS selinux: Remove unused permission definitions selinux: enable genfscon labeling for sysfs and pstore files selinux: enable per-file labeling for debugfs files. selinux: update netlink socket classes signals: don't abuse __flush_signals() in selinux_bprm_committed_creds() selinux: Print 'sclass' as string when unrecognized netlink message occurs Smack: allow multiple labels in onlycap Smack: fix seq operations in smackfs ima: pass iint to ima_add_violation() ima: wrap event related data to the new ima_event_data structure integrity: add validity checks for 'path' parameter ...
Diffstat (limited to 'Documentation/kernel-parameters.txt')
-rw-r--r--Documentation/kernel-parameters.txt12
1 files changed, 10 insertions, 2 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 8bb54c95cece..afe7e2bbbc23 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1413,7 +1413,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
The list of supported hash algorithms is defined
in crypto/hash_info.h.
- ima_tcb [IMA]
+ ima_policy= [IMA]
+ The builtin measurement policy to load during IMA
+ setup. Specyfing "tcb" as the value, measures all
+ programs exec'd, files mmap'd for exec, and all files
+ opened with the read mode bit set by either the
+ effective uid (euid=0) or uid=0.
+ Format: "tcb"
+
+ ima_tcb [IMA] Deprecated. Use ima_policy= instead.
Load a policy which meets the needs of the Trusted
Computing Base. This means IMA will measure all
programs exec'd, files mmap'd for exec, and all files
@@ -1421,7 +1429,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
ima_template= [IMA]
Select one of defined IMA measurements template formats.
- Formats: { "ima" | "ima-ng" }
+ Formats: { "ima" | "ima-ng" | "ima-sig" }
Default: "ima-ng"
ima_template_fmt=