rpms/kernel/devel allow-disabling-ima.diff, NONE, 1.1 kernel.spec, 1.1737, 1.1738
Kyle McMartin
kyle at fedoraproject.org
Tue Aug 25 23:13:21 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29876
Modified Files:
kernel.spec
Added Files:
allow-disabling-ima.diff
Log Message:
* Tue Aug 25 2009 Kyle McMartin <kyle at redhat.com>
- allow-disabling-ima.diff: debugging patch... adds ima=0 kernel
param to disable initialization of IMA.
allow-disabling-ima.diff:
Documentation/kernel-parameters.txt | 5 +++++
security/integrity/ima/ima_main.c | 17 +++++++++++++++++
2 files changed, 22 insertions(+)
--- NEW FILE allow-disabling-ima.diff ---
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 7936b80..0d1b1ed 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -926,6 +926,11 @@ and is between 256 and 4096 characters. It is defined in the file
ihash_entries= [KNL]
Set number of hash buckets for inode cache.
+ ima= [IMA]
+ Format: { "0" | "1" }
+ 0 -- disable IMA.
+ 1 -- enable IMA. (default)
+
ima_audit= [IMA]
Format: { "0" | "1" }
0 -- integrity auditing messages. (Default)
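Review bot: The new ima= entry gives the format as { "0" | "1" } but never says what disabling means or that the switch is a debugging aid. With ima=0 the init_ima() change later in this patch returns before ima_init() runs, so nothing is measured for that boot. Suggest saying so in the entry, for example "0 -- skip IMA initialization; no measurements are taken (debugging only)". The text should also match the parser, which accepts any number strict_strtoul() can parse and treats every non-zero value as enable, not just "1".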
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 101c512..cc7603e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -339,10 +339,27 @@ int ima_bprm_check(struct linux_binprm *bprm)
return 0;
}
+static int ima_disabled = 0;
+static int __init ima_enabled(char *str)
+{
+ unsigned long enabled;
+
+ if (!strict_strtoul(str, 0, &enabled))
+ ima_disabled = enabled ? 0 : 1;
+
+ return 1;
+}
+__setup("ima=", ima_enabled);
+
static int __init init_ima(void)
{
int error;
+ if (ima_disabled) {
+ pr_info("IMA disabled at user request.\n");
+ return 0;
+ }
+
ima_iintcache_init();
error = ima_init();
ima_initialized = 1;
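Review bot: In init_ima(), the early return on ima_disabled skips ima_iintcache_init() and leaves ima_initialized unset, so this is only safe if every IMA hook checks ima_initialized before touching the iint cache. That is not visible in this hunk and should be confirmed or stated in the patch description. In ima_enabled(), a value that strict_strtoul() rejects (ima=off, say) is silently ignored and IMA stays on; log a warning in that branch so a mistyped parameter shows up in the boot log. The pr_info line is the only record that measurement was off for the boot, so keep it at a level that reaches the log. Style: drop the explicit "= 0" on the static, mark ima_disabled __initdata since only __init functions read it, and consider a handler name that does not read like a predicate (ima_enabled sets state rather than reporting it).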
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1737
retrieving revision 1.1738
diff -u -p -r1.1737 -r1.1738
--- kernel.spec 25 Aug 2009 03:15:09 -0000 1.1737
+++ kernel.spec 25 Aug 2009 23:13:20 -0000 1.1738
@@ -728,6 +728,8 @@ Patch12020: xen-fb-probe-fix.patch
Patch12021: xen-x86-fix-stackprotect.patch
Patch12022: xen-x86-no-stackprotect.patch
+Patch90000: allow-disabling-ima.diff
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
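Review bot: Patch90000 is declared directly above %endif, after the xen patches, so it exists only when that conditional is true, and nothing in the spec marks it as a debug-only carry. Add a one-line comment above it saying what it is for and that it is not meant to stay, and check that the conditional it sits under is the intended one for a patch that touches security/integrity/ima rather than xen. The same applies to the matching ApplyPatch line in the next hunk.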
@@ -1345,6 +1347,8 @@ ApplyPatch xen-fb-probe-fix.patch
ApplyPatch xen-x86-fix-stackprotect.patch
ApplyPatch xen-x86-no-stackprotect.patch
+ApplyPatch allow-disabling-ima.diff
+
# END OF PATCH APPLICATIONS
%endif
@@ -2011,6 +2015,10 @@ fi
# and build.
%changelog
+* Tue Aug 25 2009 Kyle McMartin <kyle at redhat.com>
+- allow-disabling-ima.diff: debugging patch... adds ima=0 kernel
+ param to disable initialization of IMA.
+
* Tue Aug 25 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31-0.174.rc7.git2
- drm-nouveau.patch: upstream update, pre-nv50 tv-out + misc fixes
More information about the scm-commits
mailing list