kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

98integrity: support validating the IMA policy file signature 

IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.

This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
master
Stefan Berger 2016-10-13 16:49:43 -04:00 committed by Harald Hoyer
parent de7ab164dd
commit 479b5cd94f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules.d/98integrity/ima-policy-load.sh
View File

@ -30,7 +30,8 @@ load_ima_policy()
# check the existence of the IMA policy file
[ -f "${IMAPOLICYPATH}" ] && {
info "Loading the provided IMA custom policy";
cat ${IMAPOLICYPATH} > ${IMASECDIR}/policy;
echo -n "${IMAPOLICYPATH}" > ${IMASECDIR}/policy || \
cat "${IMAPOLICYPATH}" > ${IMASECDIR}/policy
}

return 0