[RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system
Deven Bowers
deven.desai at linux.microsoft.com
Mon Jul 20 16:44:01 UTC 2020
On 7/17/2020 4:16 PM, Randy Dunlap wrote:
> On 7/17/20 4:09 PM, Deven Bowers wrote:
>> +config SECURITY_IPE_PERMISSIVE_SWITCH
>> + bool "Enable the ability to switch IPE to permissive mode"
>> + default y
>> + help
>> + This option enables two ways of switching IPE to permissive mode,
>> + a sysctl (if enabled), `ipe.enforce`, or a kernel command line
>> + parameter, `ipe.enforce`. If either of these are set to 0, files
>
> is set
Thanks, I'll change it in the next iteration.
>
>> + will be subject to IPE's policy, audit messages will be logged, but
>> + the policy will not be enforced.
>> +
>> + If unsure, answer Y.
>
>
More information about the Linux-security-module-archive
mailing list