File 0134-98integrity-support-validating-the-IMA-policy-file-s.patch of Package dracut
From 8a94895d9632b15ec697f20c9c3427488fce0859 Mon Sep 17 00:00:00 2001 From: Stefan Berger <stefanb@us.ibm.com> Date: Thu, 13 Oct 2016 16:49:43 -0400 Subject: [PATCH] 98integrity: support validating the IMA policy file signature IMA validates file signatures based on the security.ima xattr. As of Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy, the IMA policy pathname can be written, allowing the IMA policy file signature to be validated. This patch first attempts to write the pathname, but on failure falls back to cat'ing the IMA policy contents . Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> --- modules.d/98integrity/ima-policy-load.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules.d/98integrity/ima-policy-load.sh b/modules.d/98integrity/ima-policy-load.sh index 0061cfff..5460d025 100755 --- a/modules.d/98integrity/ima-policy-load.sh +++ b/modules.d/98integrity/ima-policy-load.sh @@ -30,7 +30,8 @@ load_ima_policy() # check the existence of the IMA policy file [ -f "${IMAPOLICYPATH}" ] && { info "Loading the provided IMA custom policy"; - cat ${IMAPOLICYPATH} > ${IMASECDIR}/policy; + echo -n "${IMAPOLICYPATH}" > ${IMASECDIR}/policy || \ + cat "${IMAPOLICYPATH}" > ${IMASECDIR}/policy } return 0
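Review bot: the `||` fallback added in load_ima_policy() is silent, so nothing in the log shows whether the policy was loaded by pathname (the case where, per the commit message, the policy file signature can be validated) or by `cat` of its contents. The single `info "Loading the provided IMA custom policy"` line is printed before either write, and `return 0` follows regardless of whether the `cat` succeeded. Suggest logging in the fallback branch which method was used, and reporting a failure if the `cat` also fails, so a boot that skipped the pathname write is visible afterwards. Two smaller points on the added lines: `${IMASECDIR}/policy` is still unquoted while `${IMAPOLICYPATH}` now is quoted, and `printf '%s' "${IMAPOLICYPATH}"` would avoid depending on how the shell's `echo` handles `-n`.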