On 09/24/2016 12:11 AM, Stefan Berger wrote:
> The following series of patches addresses some issues with signatures on
> files. In particular:
>
> - some files marked as config files are also executables and therefore
>   need to have the signature applied
> - some RPM packages require that the files be signed when the post
>   install scriptlets are run since they may invoke executables that
>   were just installed; so we move the IMA plugin from the psm_post hook
>   to the fsm_file_prepare hook.
>
> Regards,
>    Stefan
>
> Stefan Berger (2):
>   ima-plugin: Have executable configuration files signed
>   ima-plugin: Move the IMA plugin to the fsm_file_prepare hook
>
>  plugins/ima.c | 38 +++++++++++++++++++++++---------------
>  1 file changed, 23 insertions(+), 15 deletions(-)

Series applied, with minor adjustments to the second patch as per my
suggestions before: slightly expanded commit message and clarified the
skipped + unowned test to:

    /* Ignore skipped files and unowned directories */
    if (XFA_SKIPPING(action) || (op & FAF_UNOWNED))
        goto exit;

Thanks for the patches!

- Panu -