]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/ima-setup.c
52bcceb8c5625b913e49966e89b042047f3922ea
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2010 Lennart Poettering
4 Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy
5 TORSEC group — http://security.polito.it
13 #include "ima-setup.h"
17 #define IMA_SECFS_DIR "/sys/kernel/security/ima"
18 #define IMA_SECFS_POLICY IMA_SECFS_DIR "/policy"
19 #define IMA_POLICY_PATH "/etc/ima/ima-policy"
23 _cleanup_fclose_
FILE *input
= NULL
;
24 _cleanup_close_
int imafd
= -1;
26 char line
[page_size()];
28 if (access(IMA_SECFS_DIR
, F_OK
) < 0) {
29 log_debug("IMA support is disabled in the kernel, ignoring.");
33 if (access(IMA_SECFS_POLICY
, W_OK
) < 0) {
34 log_warning("Another IMA custom policy has already been loaded, ignoring.");
38 if (access(IMA_POLICY_PATH
, F_OK
) < 0) {
39 log_debug("No IMA custom policy file "IMA_POLICY_PATH
", ignoring.");
43 imafd
= open(IMA_SECFS_POLICY
, O_WRONLY
|O_CLOEXEC
);
45 log_error_errno(errno
, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY
", ignoring: %m");
49 /* attempt to write the name of the policy file into sysfs file */
50 if (write(imafd
, IMA_POLICY_PATH
, STRLEN(IMA_POLICY_PATH
)) > 0)
53 /* fall back to copying the policy line-by-line */
54 input
= fopen(IMA_POLICY_PATH
, "re");
56 log_warning_errno(errno
, "Failed to open the IMA custom policy file "IMA_POLICY_PATH
", ignoring: %m");
62 imafd
= open(IMA_SECFS_POLICY
, O_WRONLY
|O_CLOEXEC
);
64 log_error_errno(errno
, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY
", ignoring: %m");
68 FOREACH_LINE(line
, input
,
69 return log_error_errno(errno
, "Failed to read the IMA custom policy file "IMA_POLICY_PATH
": %m")) {
75 if (len
> 0 && write(imafd
, line
, len
) < 0)
76 return log_error_errno(errno
, "Failed to load the IMA custom policy file "IMA_POLICY_PATH
"%u: %m",
81 log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH
".");
82 #endif /* ENABLE_IMA */