ima: extend "mask" policy matching support
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 5 Nov 2014 12:53:55 +0000 (07:53 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 16 Jun 2015 12:18:44 +0000 (08:18 -0400)
commit4351c294b8c1028077280f761e158d167b592974
treecc7dface0ae4de97545e26df97a42171034e9443
parent139069eff7388407f19794384c42a534d618ccd7
ima: extend "mask" policy matching support

The current "mask" policy option matches files opened as MAY_READ,
MAY_WRITE, MAY_APPEND or MAY_EXEC.  This patch extends the "mask"
option to match files opened containing one of these modes.  For
example, "mask=^MAY_READ" would match files opened read-write.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dr. Greg Wettstein <gw@idfusion.org>
Cc: stable@vger.kernel.org
Documentation/ABI/testing/ima_policy
security/integrity/ima/ima_policy.c