From 4286587dccd43d4f81fa227e413ed7e909895342 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 7 Jun 2013 12:16:34 +0200 Subject: ima: add Kconfig default measurement list template This patch adds a Kconfig option to select the default IMA measurement list template. The 'ima' template limited the filedata hash to 20 bytes and the pathname to 255 charaters. The 'ima-ng' measurement list template permits larger hash digests and longer pathnames. Changelog: - keep 'select CRYPTO_HASH_INFO' in 'config IMA' section (Kconfig) (Roberto Sassu); - removed trailing whitespaces (Roberto Sassu). - Lindent fixes Signed-off-by: Mimi Zohar Signed-off-by: Roberto Sassu --- security/integrity/ima/Kconfig | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'security/integrity/ima/Kconfig') diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e6628e783df1..de26cc873ae6 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -46,6 +46,31 @@ config IMA_LSM_RULES help Disabling this option will disregard LSM based policy rules. +choice + prompt "Default template" + default IMA_NG_TEMPLATE + depends on IMA + help + Select the default IMA measurement template. + + The original 'ima' measurement list template contains a + hash, defined as 20 bytes, and a null terminated pathname, + limited to 255 characters. The 'ima-ng' measurement list + template permits both larger hash digests and longer + pathnames. + + config IMA_TEMPLATE + bool "ima" + config IMA_NG_TEMPLATE + bool "ima-ng (default)" +endchoice + +config IMA_DEFAULT_TEMPLATE + string + depends on IMA + default "ima" if IMA_TEMPLATE + default "ima-ng" if IMA_NG_TEMPLATE + config IMA_APPRAISE bool "Appraise integrity measurements" depends on IMA -- cgit v1.2.3