Re: [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file

Stefan Berger Tue, 29 Nov 2016 06:18:09 -0800

On 11/29/2016 06:56 AM, Lennart Poettering wrote:

On Mon, 28.11.16 14:17, Stefan Berger (stef...@linux.vnet.ibm.com) wrote:

From: Stefan Berger <stef...@us.ibm.com>

IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of copying the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.

This patch modifies the existing code to first attempt to write the
pathname, but on failure falls back to copying the IMA policy
contents.

This second patch looks good. Any chance you can submit it as a PR on
github? That's how we usually expect patches these days!


Sent pull request:

https://github.com/systemd/systemd/pull/4766

Regards,
    Stefan

Thanks!

Lennart


_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file

Reply via email to