diff options
| author | Lans Zhang <jia.zhang@windriver.com> | 2017-07-20 16:14:15 +0800 |
|---|---|---|
| committer | Lans Zhang <jia.zhang@windriver.com> | 2017-07-20 16:14:15 +0800 |
| commit | c84c5efb45c735588ae181ac8c8c7a5539834e68 (patch) | |
| tree | f8b93ae4778ce44b9ad0d845fc246ff631de0de1 | |
| parent | 4d98ee98d21e9a42ddd665901aa120e56b026698 (diff) | |
| download | meta-secure-core-c84c5efb45c735588ae181ac8c8c7a5539834e68.tar.gz | |
IMA: allow to write policy but deny to read policy
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
| -rw-r--r-- | meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg index 5918392..52c741f 100644 --- a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg +++ b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | CONFIG_IMA=y | 1 | CONFIG_IMA=y |
| 2 | # CONFIG_IMA_KEXEC is not set | 2 | # CONFIG_IMA_KEXEC is not set |
| 3 | # CONFIG_IMA_LSM_RULES is not set | 3 | # CONFIG_IMA_LSM_RULES is not set |
| 4 | # CONFIG_IMA_WRITE_POLICY is not set | 4 | CONFIG_IMA_WRITE_POLICY=y |
| 5 | # CONFIG_IMA_READ_POLICY is not set | 5 | # CONFIG_IMA_READ_POLICY is not set |
| 6 | CONFIG_IMA_MEASURE_PCR_IDX=10 | 6 | CONFIG_IMA_MEASURE_PCR_IDX=10 |
| 7 | # CONFIG_IMA_TEMPLATE is not set | 7 | # CONFIG_IMA_TEMPLATE is not set |