Re: [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system

From: Randy Dunlap
Date: Fri Jul 17 2020 - 19:17:04 EST

Next message: Scott Branden: "[PATCH v3] pwm: bcm-iproc: handle clk_get_rate() return"
Previous message: Scott Branden: "Re: [PATCH v2] pwm: bcm-iproc: handle clk_get_rate() return"
In reply to: Deven Bowers: "[RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system"
Next in thread: Deven Bowers: "Re: [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/17/20 4:09 PM, Deven Bowers wrote:
> +config SECURITY_IPE_PERMISSIVE_SWITCH
> + bool "Enable the ability to switch IPE to permissive mode"
> + default y
> + help
> + This option enables two ways of switching IPE to permissive mode,
> + a sysctl (if enabled), `ipe.enforce`, or a kernel command line
> + parameter, `ipe.enforce`. If either of these are set to 0, files

is set

> + will be subject to IPE's policy, audit messages will be logged, but
> + the policy will not be enforced.
> +
> + If unsure, answer Y.

--
~Randy

Next message: Scott Branden: "[PATCH v3] pwm: bcm-iproc: handle clk_get_rate() return"
Previous message: Scott Branden: "Re: [PATCH v2] pwm: bcm-iproc: handle clk_get_rate() return"
In reply to: Deven Bowers: "[RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system"
Next in thread: Deven Bowers: "Re: [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]