You forgot to specify the "&" in front of "mr" in your measure request.

The 'write' takes a POINTER.

Please try again, changing

write(fd_mreq, mr, sizeof(struct measure_request))

to

write(fd_mreq, &mr, sizeof(struct measure_request))

Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205

From: "" <>
To: "linux-ima-user" <>
Date: 08/30/2007 01:18 PM
Subject: [Linux-ima-user] manual measure error

Hi. Thanks for the detailed answer to my previous email.

I'm trying to manually measure a configuration file with this code:

#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>   /* write() */

struct measure_request {
    int fd;
    u_int16_t label;
};

int fd_mreq, fd_config;
struct measure_request mr;

int main (int argc, char **argv)
{
    fd_mreq = open("/sys/kernel/security/ima/measurereq", O_WRONLY);
    fd_config = open(argv[1], O_RDONLY);
    /* open() returns -1 on failure */
    if (fd_mreq < 0) printf("non apro mreq");
    if (fd_config < 0) printf("non apro il file da misurare");

    mr.fd = fd_config; /* file descriptor of the file that shall be measured */
    mr.label=3134; /* any label/tag; it only appears in the measurement entry */

    /* mr is passed without '&' here, as posted; this is the call the reply corrects */
    /* write() returns the number of bytes written on success */
    if (write(fd_mreq, mr, sizeof(struct measure_request)) != sizeof(struct measure_request))
        printf("ERROR");

    return 0;
}

It still prints ERROR, so there is no write to /sys/kernel/security/ima/measurereq, which is still loaded with:

sudo mount -t securityfs none /sys/kernel/security && sudo chmod +r /sys/kernel/security/ima/*

Any help would be appreciated.

Thank you. Best Regards,

Rinaldo Bergamini
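A corrected form of the program discussed in this thread, as an added example that is not part of the original emails or of the IMA project's own code. It passes the request by address and reports the errno of whichever step failed, so a bad buffer pointer (EFAULT) can be told apart from a permission or path problem. The helper name request_measurement and its parameters are hypothetical; the struct layout, label value and securityfs path are the ones posted above.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Layout as posted in the thread (u_int16_t spelled uint16_t). */
struct measure_request {
    int fd;
    uint16_t label;
};

/* Hypothetical helper: write a measure request for file_path to req_path.
 * Returns 0 on success or a negative errno value naming what failed. */
int request_measurement(const char *req_path, const char *file_path, uint16_t label)
{
    struct measure_request mr;
    int fd_mreq, rc = 0;
    ssize_t n;
    memset(&mr, 0, sizeof(mr));      /* no uninitialised padding bytes are written */
    mr.label = label;
    mr.fd = open(file_path, O_RDONLY);
    if (mr.fd < 0)
        return -errno;
    fd_mreq = open(req_path, O_WRONLY);
    if (fd_mreq < 0) {
        rc = -errno;                 /* save errno before close() can change it */
        close(mr.fd);
        return rc;
    }
    /* &mr: write() takes the address of the request, not the struct itself. */
    n = write(fd_mreq, &mr, sizeof(mr));
    if (n < 0)
        rc = -errno;                 /* e.g. EFAULT for a bad buffer pointer */
    else if ((size_t)n != sizeof(mr))
        rc = -EIO;                   /* short write: request not delivered whole */
    close(fd_mreq);
    close(mr.fd);                    /* file stays open until the request is written */
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <file>\n", argv[0]); return 2; }
    int rc = request_measurement("/sys/kernel/security/ima/measurereq", argv[1], 3134);
    if (rc) fprintf(stderr, "measure request failed: %s\n", strerror(-rc));
    return rc ? 1 : 0;
}
```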
