On 11/23/20 10:54 AM, Yonghong Song wrote:
On 11/23/20 10:46 AM, KP Singh wrote:
On Mon, Nov 23, 2020 at 7:36 PM Yonghong Song wrote:
On 11/23/20 10:27 AM, KP Singh wrote:
[...]
Even if a custom policy has been loaded, potentially additional
measurements unrelated to this test
On 11/23/20 10:46 AM, KP Singh wrote:
On Mon, Nov 23, 2020 at 7:36 PM Yonghong Song wrote:
On 11/23/20 10:27 AM, KP Singh wrote:
[...]
Even if a custom policy has been loaded, potentially additional
measurements unrelated to this test would be included the measurement
list. One way
On Mon, Nov 23, 2020 at 7:36 PM Yonghong Song wrote:
>
>
>
> On 11/23/20 10:27 AM, KP Singh wrote:
> > [...]
> >
>
> Even if a custom policy has been loaded, potentially additional
> measurements unrelated to this test would be included the measurement
> list. One way of
On 11/23/20 10:27 AM, KP Singh wrote:
[...]
Even if a custom policy has been loaded, potentially additional
measurements unrelated to this test would be included the measurement
list. One way of limiting a rule to a specific test is by loopback
mounting a file system and defining a policy
[...]
> > >
> > > Even if a custom policy has been loaded, potentially additional
> > > measurements unrelated to this test would be included the measurement
> > > list. One way of limiting a rule to a specific test is by loopback
> > > mounting a file system and defining a policy rule based on
[Cc'ing Petr Vorel]
On Mon, 2020-11-23 at 15:06 +0100, KP Singh wrote:
> On Mon, Nov 23, 2020 at 2:24 PM Mimi Zohar wrote:
> >
> > On Sat, 2020-11-21 at 00:50 +, KP Singh wrote:
> > > From: KP Singh
> > >
> > > - Update the IMA policy before executing the test binary (this is not an
> > >
On Mon, Nov 23, 2020 at 2:24 PM Mimi Zohar wrote:
>
> On Sat, 2020-11-21 at 00:50 +, KP Singh wrote:
> > From: KP Singh
> >
> > - Update the IMA policy before executing the test binary (this is not an
> > override of the policy, just an append that ensures that hashes are
> > calculated
On Sat, 2020-11-21 at 00:50 +, KP Singh wrote:
> From: KP Singh
>
> - Update the IMA policy before executing the test binary (this is not an
> override of the policy, just an append that ensures that hashes are
> calculated on executions).
Assuming the builtin policy has been replaced
From: KP Singh
- Update the IMA policy before executing the test binary (this is not an
override of the policy, just an append that ensures that hashes are
calculated on executions).
- Call the bpf_ima_inode_hash in the bprm_committed_creds hook and check
if the call succeeded and a hash
9 matches
Mail list logo
