[RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system

Deven Bowers deven.desai at linux.microsoft.com
Mon Jul 20 16:44:01 UTC 2020



On 7/17/2020 4:16 PM, Randy Dunlap wrote:
> On 7/17/20 4:09 PM, Deven Bowers wrote:
>> +config SECURITY_IPE_PERMISSIVE_SWITCH
>> +	bool "Enable the ability to switch IPE to permissive mode"
>> +	default y
>> +	help
>> +	  This option enables two ways of switching IPE to permissive mode,
>> +	  a sysctl (if enabled), `ipe.enforce`, or a kernel command line
>> +	  parameter, `ipe.enforce`. If either of these are set to 0, files
> 
> 	                                               is set

Thanks, I'll change it in the next iteration.

> 
>> +	  will be subject to IPE's policy, audit messages will be logged, but
>> +	  the policy will not be enforced.
>> +
>> +	  If unsure, answer Y.
> 
> 



More information about the Linux-security-module-archive mailing list