Re: [dm-devel] [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system

Randy Dunlap Fri, 17 Jul 2020 17:16:59 -0700

On 7/17/20 4:09 PM, Deven Bowers wrote:
> +config SECURITY_IPE_PERMISSIVE_SWITCH
> +     bool "Enable the ability to switch IPE to permissive mode"
> +     default y
> +     help
> +       This option enables two ways of switching IPE to permissive mode,
> +       a sysctl (if enabled), `ipe.enforce`, or a kernel command line
> +       parameter, `ipe.enforce`. If either of these are set to 0, files


                                                       is set

> +       will be subject to IPE's policy, audit messages will be logged, but
> +       the policy will not be enforced.
> +
> +       If unsure, answer Y.


-- 
~Randy

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Re: [dm-devel] [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system

Reply via email to