git.ipfire.org Git - people/arne

author	Roberto Sassu <rsassu@suse.de>
	Sat, 11 Apr 2015 15:13:06 +0000 (17:13 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 3 Aug 2015 16:29:11 +0000 (09:29 -0700)
commit	73cc530acfebd856d803d3f153350a2892715da8
tree	8b255ec85a017a6d5b936a5b7b4041ee984e1171	tree \| snapshot
parent	4fd5dc9eece297f49f16f82422ead3a28b11ea70	commit \| diff

ima: skip measurement of cgroupfs files and update documentation

commit 6438de9f3fb5180d78a0422695d0b88c687757d3 upstream.

This patch adds a rule in the default measurement policy to skip inodes
in the cgroupfs filesystem. Measurements for this filesystem can be
avoided, as all the digests collected have the same value of the digest of
an empty file.

Furthermore, this patch updates the documentation of IMA policies in
Documentation/ABI/testing/ima_policy to make it consistent with
the policies set in security/integrity/ima/ima_policy.c.

Signed-off-by: Roberto Sassu <rsassu@suse.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Documentation/ABI/testing/ima_policy		diff \| blob \| blame \| history
security/integrity/ima/ima_policy.c		diff \| blob \| blame \| history