From c84c5efb45c735588ae181ac8c8c7a5539834e68 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Thu, 20 Jul 2017 16:14:15 +0800
Subject: IMA: allow to write policy but deny to read policy

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
---
 meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
index 5918392..52c741f 100644
--- a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
@@ -1,7 +1,7 @@
 CONFIG_IMA=y
 # CONFIG_IMA_KEXEC is not set
 # CONFIG_IMA_LSM_RULES is not set
-# CONFIG_IMA_WRITE_POLICY is not set
+CONFIG_IMA_WRITE_POLICY=y
 # CONFIG_IMA_READ_POLICY is not set
 CONFIG_IMA_MEASURE_PCR_IDX=10
 # CONFIG_IMA_TEMPLATE is not set
-- 
cgit v1.2.3-54-g00ecf