kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

98integrity: support validating the IMA policy file signature 

IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.

This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
master
Stefan Berger 8 years ago committed by Harald Hoyer
parent
de7ab164dd
commit
479b5cd94f
1 changed files with 2 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      modules.d/98integrity/ima-policy-load.sh

3
modules.d/98integrity/ima-policy-load.sh
Unescape View File

@ -30,7 +30,8 @@ load_ima_policy()
# check the existence of the IMA policy file # check the existence of the IMA policy file
[ -f "${IMAPOLICYPATH}" ] && { [ -f "${IMAPOLICYPATH}" ] && {
info "Loading the provided IMA custom policy"; info "Loading the provided IMA custom policy";
cat ${IMAPOLICYPATH} > ${IMASECDIR}/policy; echo -n "${IMAPOLICYPATH}" > ${IMASECDIR}/policy || \
cat "${IMAPOLICYPATH}" > ${IMASECDIR}/policy
} }


return 0 return 0

Write Preview
Loading…
Cancel
Save