Commit be54067b authored by Krzysztof Struczynski's avatar Krzysztof Struczynski Committed by Zheng Zengkai
Browse files

ima: Configure the new ima namespace from securityfs 

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I49KW1


CVE: NA

--------------------------------

Add ima securityfs entries to configure per ima namespace:
- path to the x509 certificate
- ima kernel boot parameters

The x509 certificate will be parsed and loaded when the first process is
born into the new ima namespace, paths are not validated when written.

Kernel boot parameters are pre-parsed and applied when the first process
is born into the
new namespace.

Signed-off-by: default avatarKrzysztof Struczynski <krzysztof.struczynski@huawei.com>
Reviewed-by: default avatarZhang Tianxing <zhangtianxing3@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 2098d7b5
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment