aboutsummaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-05-21 15:47:06 -0400
committerJames Morris <jmorris@namei.org>2009-05-22 09:31:20 +1000
commit5789ba3bd0a3cd20df5980ebf03358f2eb44fd67 (patch)
tree4ad5dc0496f0d6bc06e9614ff5edbc0400fcdb5d /Documentation
parentc5642f4bbae30122beb696e723f6da273caa570e (diff)
IMA: Minimal IMA policy and boot param for TCB IMA policy
The IMA TCB policy is dangerous. A normal use can use all of a system's memory (which cannot be freed) simply by building and running lots of executables. The TCB policy is also nearly useless because logging in as root often causes a policy violation when dealing with utmp, thus rendering the measurements meaningless. There is no good fix for this in the kernel. A full TCB policy would need to be loaded in userspace using LSM rule matching to get both a protected and useful system. But, if too little is measured before userspace can load a real policy one again ends up with a meaningless set of measurements. One option would be to put the policy load inside the initrd in order to get it early enough in the boot sequence to be useful, but this runs into trouble with the LSM. For IMA to measure the LSM policy and the LSM policy loading mechanism it needs rules to do so, but we already talked about problems with defaulting to such broad rules.... IMA also depends on the files being measured to be on an FS which implements and supports i_version. Since the only FS with this support (ext4) doesn't even use it by default it seems silly to have any IMA rules by default. This should reduce the performance overhead of IMA to near 0 while still letting users who choose to configure their machine as such to inclue the ima_tcb kernel paramenter and get measurements during boot before they can load a customized, reasonable policy in userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/kernel-parameters.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index e87bdbfbcc7..d9a24a04cfb 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -914,6 +914,12 @@ and is between 256 and 4096 characters. It is defined in the file
Formt: { "sha1" | "md5" }
default: "sha1"
+ ima_tcb [IMA]
+ Load a policy which meets the needs of the Trusted
+ Computing Base. This means IMA will measure all
+ programs exec'd, files mmap'd for exec, and all files
+ opened for read by uid=0.
+
in2000= [HW,SCSI]
See header of drivers/scsi/in2000.c.