From: dhowells@redhat.com (David Howells)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
Date: Tue, 04 Apr 2017 08:30:15 +0100 [thread overview]
Message-ID: <20211.1491291015@warthog.procyon.org.uk> (raw)
In-Reply-To: <20172.1491290901@warthog.procyon.org.uk>
Try adding these:
CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
CONFIG_INTEGRITY_AUDIT=y
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_LSM_RULES=y
# CONFIG_IMA_TEMPLATE is not set
CONFIG_IMA_NG_TEMPLATE=y
# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
CONFIG_IMA_DEFAULT_HASH_SHA256=y
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
CONFIG_IMA_DEFAULT_HASH="sha256"
# CONFIG_IMA_WRITE_POLICY is not set
# CONFIG_IMA_READ_POLICY is not set
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_TRUSTED_KEYRING=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_BLACKLIST_KEYRING=y
# CONFIG_IMA_LOAD_X509 is not set
CONFIG_EVM=y
CONFIG_EVM_ATTR_FSUUID=y
# CONFIG_EVM_LOAD_X509 is not set
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2017-04-04 7:30 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-30 23:50 [PATCH v13 00/10] Make keyring link restrictions accessible from userspace Mat Martineau
2017-03-30 23:50 ` [PATCH v13 01/10] KEYS: Use a typedef for restrict_link function pointers Mat Martineau
2017-03-30 23:50 ` [PATCH v13 02/10] KEYS: Split role of the keyring pointer for keyring restrict functions Mat Martineau
2017-03-30 23:50 ` [PATCH v13 03/10] KEYS: Add a key restriction struct Mat Martineau
2017-03-30 23:50 ` [PATCH v13 04/10] KEYS: Use structure to capture key restriction function and data Mat Martineau
2017-03-30 23:50 ` [PATCH v13 05/10] KEYS: Add an optional lookup_restriction hook to key_type Mat Martineau
2017-03-30 23:50 ` [PATCH v13 06/10] KEYS: Consistent ordering for __key_link_begin and restrict check Mat Martineau
2017-03-30 23:50 ` [PATCH v13 07/10] KEYS: Add KEYCTL_RESTRICT_KEYRING Mat Martineau
2017-03-30 23:50 ` [PATCH v13 08/10] KEYS: Add a lookup_restriction function for the asymmetric key type Mat Martineau
2017-03-30 23:50 ` [PATCH v13 09/10] KEYS: Restrict asymmetric key linkage using a specific keychain Mat Martineau
2017-03-30 23:50 ` [PATCH v13 10/10] KEYS: Keyring asymmetric key restrict method with chaining Mat Martineau
2017-04-03 15:24 ` [PATCH v13 00/10] Make keyring link restrictions accessible from userspace David Howells
2017-04-03 15:59 ` David Howells
2017-04-03 20:25 ` Mat Martineau
2017-04-03 23:02 ` David Howells
2017-04-04 7:28 ` David Howells
2017-04-04 7:30 ` David Howells [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211.1491291015@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).