From: Eric Richter <erichte@linux.vnet.ibm.com>
Date: Thu, 15 Jun 2017 21:02:52 +0000 (-0500)
Subject: IMA: update IMA policy documentation to include pcr= option
X-Git-Tag: v4.13-rc1~161^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc26bd50539b6f52aa75ffbaec7b083825ec5451;p=thirdparty%2Fkernel%2Flinux.git

IMA: update IMA policy documentation to include pcr= option

Commit 0260643ce "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=".  Missing was the documentation
for this option.  This patch updates ima_policy to include this option,
as well as an example.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index bb0f9a135e21b..e76432b9954d5 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -34,9 +34,10 @@ Description:
 			fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
 			uid:= decimal value
 			euid:= decimal value
-			fowner:=decimal value
+			fowner:= decimal value
 		lsm:  	are LSM specific
 		option:	appraise_type:= [imasig]
+			pcr:= decimal value
 
 		default policy:
 			# PROC_SUPER_MAGIC
@@ -96,3 +97,8 @@ Description:
 
 		Smack:
 			measure subj_user=_ func=FILE_CHECK mask=MAY_READ
+
+		Example of measure rules using alternate PCRs:
+
+			measure func=KEXEC_KERNEL_CHECK pcr=4
+			measure func=KEXEC_INITRAMFS_CHECK pcr=5