Hi Andreas,When I use cat to input my policy into '<security fs>/ima/policy' with root account, 'permission denied' error came out to reject the modification.Do you have any idea about this?Thanks for your help.Jason2012/9/11 Andreas Steffen <email@example.com>
you find information on how to define a custom-defined IMA policy
under this link:
The custom policy is applied during the early boot process using
a dracut initramfs.
If you want to specify specific files or directories to be measured
then you must tag your file system using SE Linux. I tried this
approach to measure all Linux kernel modules. Have a look at the
custom IMA policy shown in Fig. 6 of my Linux IMA remote attestation paper
On 10.09.2012 16:17, Jason Chow wrote:
> Hi all,
> I'm a newbie in IMA, and I'm very interested in it. Could you help me to
> get familiar with it. Thanks a lot.
> As I know, new kernel has already put IMA in mainline. And I have
> already enabled it. But I'm confused with how to configure the measument
> list to make it do a measument for files as I wished. However I cannot
> find any documents about how to do this configuration. Any help from you
> will be highly appreciated.
> Thanks a lot.
Andreas Steffen firstname.lastname@example.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)