[PATCH v1 7/7] ima: require signed IMA policy

2015-12-08 Thread Mimi Zohar
Require the IMA policy to be signed when additional rules can be added. Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_policy.c | 4 1 file changed, 4 insertions(+) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c

[PATCH v1 5/7] ima: measure and appraise firmware (improvement)

2015-12-08 Thread Mimi Zohar
Instead of reading the firmware twice, once for measuring/appraising the firmware and again reading the file contents into memory, this patch reads the firmware once. Signed-off-by: Mimi Zohar --- drivers/base/firmware_class.c | 15 +++

[PATCH v1 0/7] ima: measuring/appraising files read by the kernel

2015-12-08 Thread Mimi Zohar
This patch set closes a number of measurement/appraisal gaps by defining a generic function named ima_read_and_process_file() for measuring and appraising files read by the kernel (e.g. kexec image and initramfs, firmware, IMA policy). To differentiate between callers of

[PATCH v1 2/7] ima: separate 'security.ima' reading functionality from collect

2015-12-08 Thread Mimi Zohar
From: Dmitry Kasatkin Instead of passing pointers to pointers to ima_collect_measurement() to read and return the 'security.ima' xattr value, this patch moves the functionality to the calling process_measurement() to directly read the xattr and pass only the hash algo to

Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs

2015-12-08 Thread Vivek Goyal
On Tue, Dec 08, 2015 at 01:01:21PM -0500, Mimi Zohar wrote: [..] > #ifdef CONFIG_IMA_APPRAISE > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index b70ada0..18c4a84 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -18,6 +18,7 @@ > #include > #include > #include

Re: [PATCH v1 1/7] ima: update appraise flags after policy update completes

2015-12-08 Thread Petko Manolov
On 15-12-08 13:01:18, Mimi Zohar wrote: > While creating a temporary list of new rules, the ima_appraise flag is > updated, but not reverted on failure to append the new rules to the > existing policy. This patch defines temp_ima_appraise flag. Only when > the new rules are appended to the

Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs

2015-12-08 Thread Mimi Zohar
On Tue, 2015-12-08 at 13:32 -0500, Vivek Goyal wrote: > On Tue, Dec 08, 2015 at 01:01:21PM -0500, Mimi Zohar wrote: > > [..] > > #ifdef CONFIG_IMA_APPRAISE > > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > > index b70ada0..18c4a84 100644 > > --- a/kernel/kexec_file.c > > +++
