diff options
| author | Deven Bowers <deven.desai@linux.microsoft.com> | 2024-08-03 08:08:15 +0200 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-08-20 04:36:26 +0200 |
| commit | 0311507792b54069ac72e0a6c6b35c5d40aadad8 (patch) | |
| tree | 6d74be50e686df975fdec73c65ce920826f2ae32 /tools | |
| parent | lockdown: Make lockdown_lsmid static (diff) | |
| download | linux-0311507792b54069ac72e0a6c6b35c5d40aadad8.tar.xz linux-0311507792b54069ac72e0a6c6b35c5d40aadad8.zip | |
lsm: add IPE lsm
Integrity Policy Enforcement (IPE) is an LSM that provides an
complimentary approach to Mandatory Access Control than existing LSMs
today.
Existing LSMs have centered around the concept of access to a resource
should be controlled by the current user's credentials. IPE's approach,
is that access to a resource should be controlled by the system's trust
of a current resource.
The basis of this approach is defining a global policy to specify which
resource can be trusted.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/testing/selftests/lsm/lsm_list_modules_test.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tools/testing/selftests/lsm/lsm_list_modules_test.c b/tools/testing/selftests/lsm/lsm_list_modules_test.c index 06d24d4679a6..1cc8a977c711 100644 --- a/tools/testing/selftests/lsm/lsm_list_modules_test.c +++ b/tools/testing/selftests/lsm/lsm_list_modules_test.c @@ -128,6 +128,9 @@ TEST(correct_lsm_list_modules) case LSM_ID_EVM: name = "evm"; break; + case LSM_ID_IPE: + name = "ipe"; + break; default: name = "INVALID"; break; |