lsm: [[subj_user=] [subj_role=] [subj_type=]
[obj_user=] [obj_role=] [obj_type=]]
- base: func:= [BPRM_CHECK][FILE_MMAP][INODE_PERMISSION]
+ base: func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK]
mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
fsmagic:= hex value
uid:= decimal value
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
- measure func=INODE_PERM mask=MAY_READ uid=0
+ measure func=FILE_CHECK mask=MAY_READ uid=0
The default policy measures all executables in bprm_check,
all files mmapped executable in file_mmap, and all files
- open for read by root in inode_permission.
+ open for read by root in do_filp_open.
Examples of LSM specific definitions:
dont_measure obj_type=var_log_t
dont_measure obj_type=auditd_log_t
- measure subj_user=system_u func=INODE_PERM mask=MAY_READ
- measure subj_role=system_r func=INODE_PERM mask=MAY_READ
+ measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
+ measure subj_role=system_r func=FILE_CHECK mask=MAY_READ
Smack:
- measure subj_user=_ func=INODE_PERM mask=MAY_READ
+ measure subj_user=_ func=FILE_CHECK mask=MAY_READ