[RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system
Randy Dunlap
rdunlap at infradead.org
Fri Jul 17 23:16:43 UTC 2020
On 7/17/20 4:09 PM, Deven Bowers wrote:
> +config SECURITY_IPE_PERMISSIVE_SWITCH
> + bool "Enable the ability to switch IPE to permissive mode"
> + default y
> + help
> + This option enables two ways of switching IPE to permissive mode,
> + a sysctl (if enabled), `ipe.enforce`, or a kernel command line
> + parameter, `ipe.enforce`. If either of these are set to 0, files
is set
> + will be subject to IPE's policy, audit messages will be logged, but
> + the policy will not be enforced.
> +
> + If unsure, answer Y.
--
~Randy
More information about the Linux-security-module-archive
mailing list