Hi Andreas,
When I use cat to input my policy into '<security fs>/ima/policy' with root account, 'permission denied' error came out to reject the modification.
Do you have any idea about this?
Thanks for your help.

2012/9/11 Andreas Steffen <andreas.steffen@strongswan.org>
Hi Jason,

you find information on how to define a custom-defined IMA policy
under this link:


The custom policy is applied during the early boot process using
a dracut initramfs.

If you want to specify specific files or directories to be measured
then you must tag your file system using SE Linux. I tried this
approach to measure all Linux kernel modules. Have a look at the
custom IMA policy shown in Fig. 6 of my Linux IMA remote attestation paper


Best regards


On 10.09.2012 16:17, Jason Chow wrote:
> Hi all,
> I'm a newbie in IMA, and I'm very interested in it. Could you help me to
> get familiar with it. Thanks a lot.
> As I know, new kernel has already put IMA in mainline. And I have
> already enabled it. But I'm confused with how to configure the measument
> list to make it do a measument for files as I wished. However I cannot
> find any documents about how to do this configuration. Any help from you
> will be highly appreciated.
> Thanks a lot.
> Jason

Andreas Steffen                         andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)