git.ipfire.org Git - thirdparty/dracut.git/commit
98integrity: support validating the IMA policy file signature 158/head
author Stefan Berger <stefanb@us.ibm.com>
Thu, 13 Oct 2016 20:49:43 +0000 (16:49 -0400)
committer Harald Hoyer <harald@redhat.com>
Thu, 13 Oct 2016 21:02:40 +0000 (23:02 +0200)
commit 479b5cd94f16052cf6ea28d0e8abba2b926fff83
tree 76c77d63bf652274ff70e69dd26ad3e054238a0f
parent de7ab164dd0aa68100c290f355b858900193e004
98integrity: support validating the IMA policy file signature

IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.

This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
modules.d/98integrity/ima-policy-load.sh
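
The load order described in the commit message, as an added example that is not the patch itself or dracut's own code: try the pathname write first, fall back to writing the rules, and report which method the kernel accepted. The names `IMA_POLICY_NODE`, `ima_policy_write` and `load_ima_policy` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added sketch; IMA_POLICY_NODE, ima_policy_write and load_ima_policy are
# names chosen for this example, not taken from the dracut module.
IMA_POLICY_NODE="${IMA_POLICY_NODE:-/sys/kernel/security/ima/policy}"

# One write to the securityfs policy node; the payload arrives on stdin.
# Kept separate so the kernel's accept/reject decision can be emulated.
ima_policy_write() {
    cat > "$IMA_POLICY_NODE"
}

# load_ima_policy FILE
# Prints "path" when the kernel accepted the pathname, "contents" when the
# fallback was needed. Returns 2 on bad input, 1 if both writes are rejected.
load_ima_policy() {
    policy_file=$1
    # The kernel treats a payload with a leading '/' as a pathname.
    case $policy_file in
        /*) ;;
        *) echo "IMA policy path must be absolute: $policy_file" >&2
           return 2 ;;
    esac
    if [ ! -r "$policy_file" ]; then
        echo "cannot read IMA policy: $policy_file" >&2
        return 2
    fi

    # Linux >= 4.7: hand the kernel the pathname so it reads the file itself.
    if printf '%s' "$policy_file" | ima_policy_write 2>/dev/null; then
        echo path
        return 0
    fi
    # Older kernels: write the policy rules themselves.
    if ima_policy_write < "$policy_file" 2>/dev/null; then
        echo contents
        return 0
    fi
    echo "kernel rejected IMA policy: $policy_file" >&2
    return 1
}
```

A result of `contents` means the policy was loaded by the older method, without the pathname-based signature validation the commit message describes, so it is worth logging during boot.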