rpms/kernel/devel allow-disabling-ima.diff, NONE, 1.2.2.2 kernel.spec, 1.1294.2.59, 1.1294.2.60

myoung myoung at fedoraproject.org
Wed Aug 26 20:16:16 UTC 2009 

Author: myoung

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32476

Modified Files:
      Tag: private-myoung-dom0-branch
	kernel.spec 
Added Files:
      Tag: private-myoung-dom0-branch
	allow-disabling-ima.diff 
Log Message:
forgot to add a file


allow-disabling-ima.diff:
 Documentation/kernel-parameters.txt |    5 +++++
 security/integrity/ima/ima_main.c   |   17 +++++++++++++++++
 2 files changed, 22 insertions(+)

--- NEW FILE allow-disabling-ima.diff ---
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 7936b80..0d1b1ed 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -926,6 +926,11 @@ and is between 256 and 4096 characters. It is defined in the file
 	ihash_entries=	[KNL]
 			Set number of hash buckets for inode cache.
 
+	ima=		[IMA]
+			Format: { "0" | "1" }
+			0 -- disable IMA.
+			1 -- enable IMA. (default)
+
 	ima_audit=	[IMA]
 			Format: { "0" | "1" }
 			0 -- integrity auditing messages. (Default)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 101c512..cc7603e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -339,10 +339,27 @@ int ima_bprm_check(struct linux_binprm *bprm)
 	return 0;
 }
 
+static int ima_disabled = 0;
+static int __init ima_enabled(char *str)
+{
+	unsigned long enabled;
+
+	if (!strict_strtoul(str, 0, &enabled))
+		ima_disabled = enabled ? 0 : 1;
+
+	return 1;
+}
+__setup("ima=", ima_enabled);
+
 static int __init init_ima(void)
 {
 	int error;
 
+	if (ima_disabled) {
+		pr_info("IMA disabled at user request.\n");
+		return 0;
+	}
+
 	ima_iintcache_init();
 	error = ima_init();
 	ima_initialized = 1;


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1294.2.59
retrieving revision 1.1294.2.60
diff -u -p -r1.1294.2.59 -r1.1294.2.60
--- kernel.spec	26 Aug 2009 19:58:48 -0000	1.1294.2.59
+++ kernel.spec	26 Aug 2009 20:16:16 -0000	1.1294.2.60
@@ -2021,7 +2021,7 @@ fi
 
 %changelog
 * Wed Aug 26 2009 Michael Young <m.a.young at durham.ac.uk>
-- update pvops again
+- update pvops again.
 
 * Wed Aug 26 2009 Chuck Ebbert <cebbert at redhat.com>
 - 2.6.31-rc7-git4

More information about the fedora-extras-commits mailing list