From: Curtis V. <cr...@so...> - 2015-01-28 18:35:46
|
Moved conversation from a different thread on user list to devel list... Mimi, Thanks again for the assistance. Yes, I would like to make a patch for.fgroup support. I think that it makes sense in terms of the rest of the policy syntax. Do you think (accessed with) .guid would also make sense to match the .uid syntax? I have read parts of the IMA code already but might need a little guidance to be sure I am touching code in all the required locations. For now I am assuming that .fgroup support will require: 1. Document the use of the change in Documentation/ABI/testing/ima_policy 2. The only place I am seeing "fowner" and related code is in security/integrity/ima/ima_policy.c so I am certain changes will be required there. I assumed that there would be some changes to ima_appraise.c or other files but I am not seeing anything (given a very quick first look). If so this probably is a really good first patch to make to learn a bit of the code. I did not look at how .uid was implemented to be able to do .guid support but suspect it is similar. Feel free to point me in the right direction as my knowledge of this code is currently very limited. My use of IMA has uncovered a few other ideas that I'll put in a second post. I apologise in advance for the length of that post... Regard, Curtis |
From: Curtis V. <cr...@so...> - 2015-01-29 05:24:09
|
I have finished a first cut of .gid and .fgroup support for policy today and will be able to fully test tomorrow so no need to comment at this time if the code changes should be limited to ima_policy.c. I'll post as soon as it tests out. Sorry about the other post coming to the devel list. I should have kept it in user until I had more direction. Regards, Curtis |