Lines Matching full:policies

28 unchangeable over time. For example, IPE policies can be crafted to trust
35 integrity and trust. For example, IPE allows the definition of policies
39 checks, allowing IPE to enforce policies that trust files protected by
152 uniquely identify policies to deploy new policies vs update existing
153 policies.
192 preserve older policies being compatible with newer kernels that can introduce
197 enforcing the configurable policies at startup, around reading and
218 Deploying Policies
221 Policies can be deployed from userspace through securityfs. These policies
223 authorization of the policies (prohibiting an attacker from gaining
225 policies must be signed by a certificate that chains to the
241 Deploying the policies is done through securityfs, through the
248 ``/sys/kernel/security/ipe/policies/``. The subdirectory will be the
250 the directory will be ``/sys/kernel/security/ipe/policies/Ex_Policy``.
263 Since only a single policy can be active at one time, all other policies
290 ``/sys/kernel/security/ipe/policies/$policy_name/active``.
293    echo 1 > "/sys/kernel/security/ipe/policies/Ex_Policy/active"
298 IPE also provides a way to delete policies. This can be done via the
300 ``/sys/kernel/security/ipe/policies/$policy_name/delete``.
303    echo 1 > "/sys/kernel/security/ipe/policies/$policy_name/delete"
319 enforced. This allows users to test policies before enforcing them.
387 along with the version and the hash digest of the two policies.
503 system, but is useful for debugging policies.
552       Controls loading policies via reading a kernel-space initiated read.
554       An example of such is loading IMA policies by writing the path
597       This ensures that the trust policies remain relevant and effective