• Mimi Zohar's avatar
    ima: support new "hash" and "dont_hash" policy actions · da1b0029
    Mimi Zohar authored
    The builtin ima_appraise_tcb policy, which is specified on the boot
    command line, can be replaced with a custom policy, normally early in
    the boot process.  Custom policies can be more restrictive in some ways,
    like requiring file signatures, but can be less restrictive in other
    ways, like not appraising mutable files.  With a less restrictive policy
    in place, files in the builtin policy might not be hashed and labeled
    with a security.ima hash.  On reboot, files which should be labeled in
    the ima_appraise_tcb are not labeled, possibly preventing the system
    from booting properly.
    
    To resolve this problem, this patch extends the existing IMA policy
    actions "measure", "dont_measure", "appraise", "dont_appraise", and
    "audit" with "hash" and "dont_hash".  The new "hash" action will write
    the file hash as security.ima, but without requiring the file to be
    appraised as well.
    
    For example, the builtin ima_appraise_tcb policy includes the rule,
    "appraise fowner=0".  Adding the "hash fowner=0" rule to a custom
    policy, will cause the needed file hashes to be calculated and written
    as security.ima xattrs.
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    Signed-off-by: default avatarStefan Berger <stefanb@linux.vnet.ibm.com>
    da1b0029
integrity.h 5.34 KB