IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.
This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This patch supports loading keys either on the _ima keyring or, as of
Linux 3.17, on the trusted .ima keyring. Only certificates signed by
a key on the system keyring can be loaded onto the trusted .ima keyring.
Changelog:
- Update 98integrity/README
This module initializes the EVM software and permits to load a custom IMA
policy.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Harald Hoyer