Require the IMA policy to be signed when additional rules can be added.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_policy.c | 4
1 file changed, 4 insertions(+)
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
Instead of reading the firmware twice, once for measuring/appraising
the firmware and again reading the file contents into memory, this
patch reads the firmware once.
Signed-off-by: Mimi Zohar
---
drivers/base/firmware_class.c | 15 +++
This patch set closes a number of measurement/appraisal gaps by defining
a generic function named ima_read_and_process_file() for measuring and
appraising files read by the kernel (e.g. kexec image and initramfs,
firmware, IMA policy).
To differentiate between callers of
From: Dmitry Kasatkin
Instead of passing pointers to pointers to ima_collect_measurement() to
read and return the 'security.ima' xattr value, this patch moves the
functionality to the calling process_measurement() to directly read
the xattr and pass only the hash algo to
On Tue, Dec 08, 2015 at 01:01:21PM -0500, Mimi Zohar wrote:
[..]
> #ifdef CONFIG_IMA_APPRAISE
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index b70ada0..18c4a84 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -18,6 +18,7 @@
> #include
> #include
> #include
On 15-12-08 13:01:18, Mimi Zohar wrote:
> While creating a temporary list of new rules, the ima_appraise flag is
> updated, but not reverted on failure to append the new rules to the
> existing policy. This patch defines temp_ima_appraise flag. Only when
> the new rules are appended to the
On Tue, 2015-12-08 at 13:32 -0500, Vivek Goyal wrote:
> On Tue, Dec 08, 2015 at 01:01:21PM -0500, Mimi Zohar wrote:
>
> [..]
> > #ifdef CONFIG_IMA_APPRAISE
> > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> > index b70ada0..18c4a84 100644
> > --- a/kernel/kexec_file.c
> > +++