[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1552311880-20569-1-git-send-email-info@metux.net>
Date: Mon, 11 Mar 2019 14:44:40 +0100
From: "Enrico Weigelt, metux IT consult" <info@...ux.net>
To: linux-kernel@...r.kernel.org
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: [PATCH] secuirty: integrity: ima: pedantic formatting
Formatting of Kconfig files doesn't look so pretty, so let the
Great White Handkerchief come around and clean it up.
Signed-off-by: Enrico Weigelt, metux IT consult <info@...ux.net>
---
security/integrity/ima/Kconfig | 64 +++++++++++++++++++++---------------------
1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index a18f8c6..416b724 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -34,12 +34,12 @@ config IMA_KEXEC
depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
default n
help
- TPM PCRs are only reset on a hard reboot. In order to validate
- a TPM's quote after a soft boot, the IMA measurement list of the
- running kernel must be saved and restored on boot.
+ TPM PCRs are only reset on a hard reboot. In order to validate
+ a TPM's quote after a soft boot, the IMA measurement list of the
+ running kernel must be saved and restored on boot.
- Depending on the IMA policy, the measurement list can grow to
- be very large.
+ Depending on the IMA policy, the measurement list can grow to
+ be very large.
config IMA_MEASURE_PCR_IDX
int
@@ -91,10 +91,10 @@ choice
default IMA_DEFAULT_HASH_SHA1
depends on IMA
help
- Select the default hash algorithm used for the measurement
- list, integrity appraisal and audit log. The compiled default
- hash algorithm can be overwritten using the kernel command
- line 'ima_hash=' option.
+ Select the default hash algorithm used for the measurement
+ list, integrity appraisal and audit log. The compiled default
+ hash algorithm can be overwritten using the kernel command
+ line 'ima_hash=' option.
config IMA_DEFAULT_HASH_SHA1
bool "SHA1 (default)"
@@ -138,9 +138,9 @@ config IMA_READ_POLICY
default y if IMA_WRITE_POLICY
default n if !IMA_WRITE_POLICY
help
- It is often useful to be able to read back the IMA policy. It is
- even more important after introducing CONFIG_IMA_WRITE_POLICY.
- This option allows the root user to see the current policy rules.
+ It is often useful to be able to read back the IMA policy. It is
+ even more important after introducing CONFIG_IMA_WRITE_POLICY.
+ This option allows the root user to see the current policy rules.
config IMA_APPRAISE
bool "Appraise integrity measurements"
@@ -158,12 +158,12 @@ config IMA_APPRAISE
If unsure, say N.
config IMA_ARCH_POLICY
- bool "Enable loading an IMA architecture specific policy"
- depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
- default n
- help
- This option enables loading an IMA architecture specific policy
- based on run time secure boot flags.
+ bool "Enable loading an IMA architecture specific policy"
+ depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
+ default n
+ help
+ This option enables loading an IMA architecture specific policy
+ based on run time secure boot flags.
config IMA_APPRAISE_BUILD_POLICY
bool "IMA build time configured policy rules"
@@ -238,10 +238,10 @@ config IMA_TRUSTED_KEYRING
select INTEGRITY_TRUSTED_KEYRING
default y
help
- This option requires that all keys added to the .ima
- keyring be signed by a key on the system trusted keyring.
+ This option requires that all keys added to the .ima
+ keyring be signed by a key on the system trusted keyring.
- This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
+ This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
@@ -266,32 +266,32 @@ config IMA_BLACKLIST_KEYRING
depends on IMA_TRUSTED_KEYRING
default n
help
- This option creates an IMA blacklist keyring, which contains all
- revoked IMA keys. It is consulted before any other keyring. If
- the search is successful the requested operation is rejected and
- an error is returned to the caller.
+ This option creates an IMA blacklist keyring, which contains all
+ revoked IMA keys. It is consulted before any other keyring. If
+ the search is successful the requested operation is rejected and
+ an error is returned to the caller.
config IMA_LOAD_X509
bool "Load X509 certificate onto the '.ima' trusted keyring"
depends on IMA_TRUSTED_KEYRING
default n
help
- File signature verification is based on the public keys
- loaded on the .ima trusted keyring. These public keys are
- X509 certificates signed by a trusted key on the
- .system keyring. This option enables X509 certificate
- loading from the kernel onto the '.ima' trusted keyring.
+ File signature verification is based on the public keys
+ loaded on the .ima trusted keyring. These public keys are
+ X509 certificates signed by a trusted key on the
+ .system keyring. This option enables X509 certificate
+ loading from the kernel onto the '.ima' trusted keyring.
config IMA_X509_PATH
string "IMA X509 certificate path"
depends on IMA_LOAD_X509
default "/etc/keys/x509_ima.der"
help
- This option defines IMA X509 certificate path.
+ This option defines IMA X509 certificate path.
config IMA_APPRAISE_SIGNED_INIT
bool "Require signed user-space initialization"
depends on IMA_LOAD_X509
default n
help
- This option requires user-space init to be signed.
+ This option requires user-space init to be signed.
--
1.9.1
Powered by blists - more mailing lists