git.ipfire.org Git - thirdparty/kernel/linux.git/commit
ima: add dont_audit action to suppress audit actions
author Jann Horn <jannh@google.com>
Thu, 25 Sep 2025 23:45:06 +0000 (01:45 +0200)
committer Mimi Zohar <zohar@linux.ibm.com>
Thu, 16 Oct 2025 15:12:20 +0000 (11:12 -0400)
commit 345123d650db724d53ffee84d7365008c6f729de
tree 119eecf3fdb2adccab3993dcbc26f956ac6988f3
parent 8f3fc4f3f8aa6e99266c69cc78bdaa58379e65fc
ima: add dont_audit action to suppress audit actions

"measure", "appraise" and "hash" actions all have corresponding "dont_*"
actions, but "audit" currently lacks that. This means it is not
currently possible to have a policy that audits everything by default,
but excludes specific cases.

This seems to have been an oversight back when the "audit" action was
added.

Add a corresponding "dont_audit" action to enable such uses.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Documentation/ABI/testing/ima_policy
security/integrity/ima/ima_policy.c
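
A policy of the kind the commit message describes, as an added example that is not part of the commit or the kernel documentation: audit executed files by default, but exclude one specific case. The `fsmagic` value (tmpfs) and the `func`/`mask` conditions are assumptions chosen for illustration; the `dont_audit` rule comes first because IMA walks the rules in order and the first rule that matches for a given action decides it.

```text
# Constructed example IMA policy (illustrative, not from the commit).
# Exclusion first: files on tmpfs (TMPFS_MAGIC, 0x01021994) are not audited.
dont_audit fsmagic=0x01021994
# Default: audit every file executed via execve().
audit func=BPRM_CHECK
# Default: audit files mmap()ed with execute permission.
audit func=MMAP_CHECK mask=MAY_EXEC
```

On a kernel without this commit the policy parser does not recognise `dont_audit` and rejects the rule, so check the kernel version before deploying a policy that relies on it.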