diff options
author | Petko Manolov <petkan@mip-labs.com> | 2015-12-02 17:47:56 +0200 |
---|---|---|
committer | Oleksandr Suvorov <oleksandr.suvorov@toradex.com> | 2020-05-25 13:57:21 +0300 |
commit | 11485a13d38000c64471bdf6338536be52b761f9 (patch) | |
tree | 19f8e7d5f5bdae494368a6b1eeafe8d5b2e8d62f /security/integrity/ima/Kconfig | |
parent | 72d6cdc59c00405719b62eb3dedf0def2b6e028e (diff) |
IMA: allow reading back the current IMA policy
commit 80eae209d63ac6361c7b445f7e7e41f39c044772 upstream
It is often useful to be able to read back the IMA policy. It is
even more important after introducing CONFIG_IMA_WRITE_POLICY.
This option allows the root user to see the current policy rules.
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/Kconfig')
-rw-r--r-- | security/integrity/ima/Kconfig | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index b13068d54343..1d4dbae64f8c 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -119,6 +119,16 @@ config IMA_WRITE_POLICY If unsure, say N. +config IMA_READ_POLICY + bool "Enable reading back the current IMA policy" + depends on IMA + default y if IMA_WRITE_POLICY + default n if !IMA_WRITE_POLICY + help + It is often useful to be able to read back the IMA policy. It is + even more important after introducing CONFIG_IMA_WRITE_POLICY. + This option allows the root user to see the current policy rules. + config IMA_APPRAISE bool "Appraise integrity measurements" depends on IMA |