IMA: allow reading back the current IMA policy

It is often useful to be able to read back the IMA policy. It is even more important after introducing CONFIG_IMA_WRITE_POLICY. This option allows the root user to see the current policy rules. Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com> Signed-off-by: Petko Manolov <petkan@mip-labs.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Petko Manolov <petkan@mip-labs.com> 2015-12-02 17:47:56 +0200
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15 10:01:43 -0500
commit: 80eae209d63ac6361c7b445f7e7e41f39c044772 (patch)
tree: db99b638e2688529f6f61756ffae56b64a95311b /security/integrity/ima/Kconfig
parent: 41c89b64d7184a780f12f2cccdabe65cb2408893 (diff)
download: linux-next-80eae209d63ac6361c7b445f7e7e41f39c044772.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 8d5e6e0e0937..e54a8a8dae94 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -118,6 +118,16 @@ config IMA_WRITE_POLICY
 
 	  If unsure, say N.
 
+config IMA_READ_POLICY
+	bool "Enable reading back the current IMA policy"
+	depends on IMA
+	default y if IMA_WRITE_POLICY
+	default n if !IMA_WRITE_POLICY
+	help
+	   It is often useful to be able to read back the IMA policy.  It is
+	   even more important after introducing CONFIG_IMA_WRITE_POLICY.
+	   This option allows the root user to see the current policy rules.
+
 config IMA_APPRAISE
 	bool "Appraise integrity measurements"
 	depends on IMA
author	Petko Manolov <petkan@mip-labs.com>	2015-12-02 17:47:56 +0200
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-12-15 10:01:43 -0500
commit	80eae209d63ac6361c7b445f7e7e41f39c044772 (patch)
tree	db99b638e2688529f6f61756ffae56b64a95311b /security/integrity/ima/Kconfig
parent	41c89b64d7184a780f12f2cccdabe65cb2408893 (diff)
download	linux-next-80eae209d63ac6361c7b445f7e7e41f39c044772.tar.gz