Some configuration files are executables and so they require the
signature in the extended attribute. If they are not executable,
they can be skipped.
Examples for configuration files that are also executables are
the grub files in /etc/grub.d.
Signed-off-by: Stefan Berger
---
plugins/ima.c | 1
Since newly installed files may be invoked by post install scriptlets,
we need to have them signed before the scriptlets are executed.
Therefore, we now move the IMA plugin to the fsm_file_prepare hook.
Signed-off-by: Stefan Berger
---
plugins/ima.c | 43 +++--
The following series of patches addresses some issues with signatures on
files. In particular:
- some files marked as config files are also executables and therefore
need to have the signature applied
- some RPM packages require that the files be signed when the post
install scriptlets are ru
Panu Matilainen wrote on 09/23/2016 03:30:54
PM:
> From: Panu Matilainen
> To: Stefan Berger/Watson/IBM@IBMUS
> Cc: fionnuala.gun...@gmail.com, rpm-maint@lists.rpm.org, Stefan
> Berger
> Date: 09/23/2016 03:31 PM
> Subject: Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures
>
> On 09/2
On 09/23/2016 10:30 PM, Panu Matilainen wrote:
On 09/23/2016 07:43 PM, Stefan Berger wrote:
Panu Matilainen wrote on 09/23/2016 07:50:15
AM:
So... to achieve all this and actually behave correctly in the face of
skipped files - whether due to color, netshared path or other file
policies - th
On 09/23/2016 07:43 PM, Stefan Berger wrote:
Panu Matilainen wrote on 09/23/2016 07:50:15
AM:
So... to achieve all this and actually behave correctly in the face of
skipped files - whether due to color, netshared path or other file
policies - the IMA plugin should really just do what the seli
Stefan Berger/Watson/IBM wrote on 09/23/2016 12:43:33 PM:
> From: Stefan Berger/Watson/IBM
> To: Panu Matilainen
> Cc: fionnuala.gun...@gmail.com, rpm-maint@lists.rpm.org, Stefan
> Berger
> Date: 09/23/2016 12:43 PM
> Subject: Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures
>
> Panu M
On 23 September 2016 at 08:44, Panu Matilainen wrote:
> Also generally it's preferred to avoid magic numbers when it can be easily
> expressed with defined names, (S_IXUSR|S_IXGRP|S_IXOTH) is easier for the
> reader than 0111.
That actually depends on the reader :-)
Panu Matilainen wrote on 09/23/2016 07:50:15
AM:
> >>
> >> So... to achieve all this and actually behave correctly in the face of
> >> skipped files - whether due to color, netshared path or other file
> >> policies - the IMA plugin should really just do what the selinux plugin
> >> does and us
On 09/23/2016 02:12 PM, Stefan Berger wrote:
Panu Matilainen wrote on 09/23/2016 03:03:48
AM:
From: Panu Matilainen
To: Stefan Berger , rpm-maint@lists.rpm.org
Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com
Date: 09/23/2016 03:03 AM
Subject: Re: [Rpm-maint] [PATCH v2 3/4] rpmp
On 09/23/2016 02:20 PM, Stefan Berger wrote:
Panu Matilainen wrote on 09/23/2016 04:15:22
AM:
From: Panu Matilainen
To: Stefan Berger , rpm-maint@lists.rpm.org
Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com
Date: 09/23/2016 04:15 AM
Subject: Re: [Rpm-maint] [PATCH v2 0/4] Fixe
Panu Matilainen wrote on 09/23/2016 04:15:22
AM:
> From: Panu Matilainen
> To: Stefan Berger , rpm-maint@lists.rpm.org
> Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com
> Date: 09/23/2016 04:15 AM
> Subject: Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures
>
> On 09/22/2
Panu Matilainen wrote on 09/23/2016 03:03:48
AM:
> From: Panu Matilainen
> To: Stefan Berger , rpm-maint@lists.rpm.org
> Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com
> Date: 09/23/2016 03:03 AM
> Subject: Re: [Rpm-maint] [PATCH v2 3/4] rpmplugins: Introduce new
> fsm_pre and
Panu Matilainen wrote on 09/23/2016 02:44:48
AM:
> From: Panu Matilainen
> To: Stefan Berger , rpm-maint@lists.rpm.org
> Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com
> Date: 09/23/2016 02:45 AM
> Subject: Re: [Rpm-maint] [PATCH v2 1/4] ima-plugin: Have executable
> configurat
On 09/23/2016 11:15 AM, Panu Matilainen wrote:
On 09/22/2016 08:30 PM, Stefan Berger wrote:
The following series of patches addresses some issues with signatures on
files. In particular:
- some files marked as config files are also executables and therefore
need to have a signature applied
-
On 09/22/2016 08:30 PM, Stefan Berger wrote:
The following series of patches addresses some issues with signatures on
files. In particular:
- some files marked as config files are also executables and therefore
need to have a signature applied
- the IMA plugin may only run on package install c
On 09/22/2016 08:30 PM, Stefan Berger wrote:
Introduce fsm_pre and fsm_post hooks, which are invoked
before and after the package files are installed.
Signed-off-by: Stefan Berger
[...]
diff --git a/lib/rpmplugins.h b/lib/rpmplugins.h
index 39762c3..3702526 100644
--- a/lib/rpmplugins.h
+++ b
17 matches