[systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file
Stefan Berger
stefanb at linux.vnet.ibm.com
Tue Nov 29 14:14:00 UTC 2016
On 11/29/2016 06:56 AM, Lennart Poettering wrote:
> On Mon, 28.11.16 14:17, Stefan Berger (stefanb at linux.vnet.ibm.com) wrote:
>
>> From: Stefan Berger <stefanb at us.ibm.com>
>>
>> IMA validates file signatures based on the security.ima xattr. As of
>> Linux-4.7, instead of copying the IMA policy into the securityfs policy,
>> the IMA policy pathname can be written, allowing the IMA policy file
>> signature to be validated.
>>
>> This patch modifies the existing code to first attempt to write the
>> pathname, but on failure falls back to copying the IMA policy
>> contents.
> This second patch looks good. Any chance you can submit it as a PR on
> github? That's how we usually expect patches these days!
Sent pull request:
https://github.com/systemd/systemd/pull/4766
Regards,
Stefan
> Thanks!
>
> Lennart
>
More information about the systemd-devel
mailing list