On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote:
> From: Dmitry Kasatkin
>
> echo /etc/ima/ima_policy > /sys/kernel/security/ima/policy
> fs/exec.c | 21
> diff --git a/fs/exec.c b/fs/exec.c
> index 3524e5f..5731b40 100644
> --- a/fs/exec.c
On Thu, 2016-01-21 at 01:05 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote:
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -903,6 +903,27 @@ out:
> > return ret;
> > }
> >
> > +int kernel_read_file_from_path(char *path, void **buf, loff_t *size,
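Review bot: the first parameter of the new kernel_read_file_from_path() is declared as `char *path`; unless the body modifies the string, which the function name does not suggest, it should be `const char *path` so callers can pass a constant pathname without a cast.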
On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote:
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -903,6 +903,27 @@ out:
> return ret;
> }
>
> +int kernel_read_file_from_path(char *path, void **buf, loff_t *size,
> +loff_t max_size, int policy_id)
> +{
> +
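Review bot: the last parameter in the signature, `int policy_id`, is a bare int, so nothing at the call site says which values are valid; a named enum type would document the accepted identifiers and let static checkers flag a wrong one. The function is also introduced with no comment above it: a short kernel-doc block stating who allocates and frees `*buf`, what `*size` holds on return, and what is returned when the file is larger than `max_size` would let callers use it without reading the body.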
From: Dmitry Kasatkin
We currently cannot do appraisal or signature vetting of IMA policies
since we currently can only load IMA policies by writing the contents
of the policy directly in, as follows:
cat policy-file > /ima/policy
If we provide the kernel the path to the IMA policy so it can lo