From: Mimi Z. <zo...@li...> - 2009-11-24 21:29:17

On Tue, 2009-11-24 at 18:56 +0000, John Lyle wrote:
> Hi,
>
> I've used previous versions of IMA, before it was integrated into the
> Linux kernel. In the past, a handy /ima/measurereq device was present
> which made it easy to modify userspace applications to measure files. I
> notice that this doesn't exist now. What would you suggest I use instead?
>
> Thanks very much for your help,
>
> Best regards,
>
> John

IMA now measures files based on policy. The ima_tcb=1 command line option enables a policy, which measures all files open for read by root, all executables, and all mmapped files. This policy can be constrained, for example, by defining LSM specific rules. For details, refer to [linux-2.6.31.x]/Documentation/ABI/testing/ima_policy.

Mimi