diff options
| author | Mauro Carvalho Chehab <mchehab+huawei@kernel.org> | 2020-10-30 10:40:39 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-10-30 15:07:01 +0300 |
| commit | 34433332841de2787f903fcf7de8dc3e06780f4a (patch) | |
| tree | 77f3ceec7fbb1a5d8def1fc501233ee0bbd9b950 /Documentation/ABI/testing/ima_policy | |
| parent | 98913408c5465ac477f80da7affe347b413edaa4 (diff) | |
| download | linux-34433332841de2787f903fcf7de8dc3e06780f4a.tar.xz | |
docs: ABI: testing: make the files compatible with ReST output
Some files over there won't parse well by Sphinx.
Fix them.
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> # for IIO
Acked-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Acked-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Link: https://lore.kernel.org/r/58cf3c2d611e0197fb215652719ebd82ca2658db.1604042072.git.mchehab+huawei@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation/ABI/testing/ima_policy')
| -rw-r--r-- | Documentation/ABI/testing/ima_policy | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index cd572912c593..e35263f97fc1 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -15,19 +15,22 @@ Description: IMA appraisal, if configured, uses these file measurements for local measurement appraisal. - rule format: action [condition ...] + :: - action: measure | dont_measure | appraise | dont_appraise | - audit | hash | dont_hash - condition:= base | lsm [option] + rule format: action [condition ...] + + action: measure | dont_measure | appraise | dont_appraise | + audit | hash | dont_hash + condition:= base | lsm [option] base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=] [euid=] [fowner=] [fsname=]] lsm: [[subj_user=] [subj_role=] [subj_type=] [obj_user=] [obj_role=] [obj_type=]] option: [[appraise_type=]] [template=] [permit_directio] [appraise_flag=] [keyrings=] - base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK] - [FIRMWARE_CHECK] + base: + func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK]MODULE_CHECK] + [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] [KEXEC_CMDLINE] [KEY_CHECK] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] @@ -37,8 +40,9 @@ Description: uid:= decimal value euid:= decimal value fowner:= decimal value - lsm: are LSM specific - option: appraise_type:= [imasig] [imasig|modsig] + lsm: are LSM specific + option: + appraise_type:= [imasig] [imasig|modsig] appraise_flag:= [check_blacklist] Currently, blacklist check is only for files signed with appended signature. @@ -49,7 +53,7 @@ Description: (eg, ima-ng). Only valid when action is "measure". pcr:= decimal value - default policy: + default policy: # PROC_SUPER_MAGIC dont_measure fsmagic=0x9fa0 dont_appraise fsmagic=0x9fa0 @@ -97,7 +101,8 @@ Description: Examples of LSM specific definitions: - SELinux: + SELinux:: + dont_measure obj_type=var_log_t dont_appraise obj_type=var_log_t dont_measure obj_type=auditd_log_t @@ -105,10 +110,11 @@ Description: measure subj_user=system_u func=FILE_CHECK mask=MAY_READ measure subj_role=system_r func=FILE_CHECK mask=MAY_READ - Smack: + Smack:: + measure subj_user=_ func=FILE_CHECK mask=MAY_READ - Example of measure rules using alternate PCRs: + Example of measure rules using alternate PCRs:: measure func=KEXEC_KERNEL_CHECK pcr=4 measure func=KEXEC_INITRAMFS_CHECK pcr=5 |