From: Mimi Z. <zo...@li...> - 2013-01-07 11:59:59
On Fri, 2013-01-04 at 19:20 +0100, Sven Vermeulen wrote:
> On Fri, Jan 04, 2013 at 07:54:19AM -0500, Mimi Zohar wrote:
> > > Indeed, without loading the custom policy it seems to work fine.
> >
> > To summarize, the base policy works properly as there are not any LSM
> > specific rules. An IMA policy containing LSM rules works properly,
> > until the LSM policy is reloaded, as shown in your setsebool example.
> > Please let me know if the patch below fixes it.
>
> Yes it does fix it. I'm able to rebuild policies, toggle booleans, etc.
> Also, the SELinux error messages on "selinux_audit_rule_match: stale rule"
> have also almost fully disappeared (just get a single one right after
> updating the policy) and I get my AVC denials just as I expected to (wasn't
> the case before).

Great! Unfortunately, updating the LSM policy is LSM specific. The only
generic method for detecting an LSM policy change is when an error occurs.
The first "stale rule" is the trigger to update the IMA LSM based rules.

> I'm now distributing it to my other test VMs so I can have the entire test
> infrastructure run with IMA/EVM (enforcing).

Cool! Are you using digital signatures or only hashes?

Mimi
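The mechanism Mimi describes above, an IMA rule holding a compiled LSM rule handle that goes stale when the LSM policy is reloaded, with the first "stale rule" error used as the trigger to recompile it, is shown below as an added, constructed simulation. This is not the kernel's IMA or SELinux code and not the patch discussed in the thread; every name in it (the generation counter, `lsm_rule_match`, `ima_match_rule`, `reset_simulation`) is a stand-in chosen for illustration, and the type strings are made up.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed simulation (not kernel code): the LSM keeps a policy
 * generation that is bumped on every reload, and refuses to match
 * against rule handles compiled under an older generation. */
static unsigned int lsm_policy_generation = 1;
static unsigned int stale_events = 0;   /* count of "stale rule" hits */

/* What an IMA rule holds for its LSM condition: a compiled handle
 * bound to the policy generation it was compiled under. */
struct lsm_rule {
    char type[32];
    unsigned int gen;
};

/* One IMA policy rule with an LSM (object type) condition. */
struct ima_rule {
    char obj_type[32];
    struct lsm_rule lsm;
    int lsm_initialized;
};

/* Stand-in for the LSM's rule compile step. */
static void lsm_rule_init(struct lsm_rule *r, const char *type)
{
    strncpy(r->type, type, sizeof r->type - 1);
    r->type[sizeof r->type - 1] = '\0';
    r->gen = lsm_policy_generation;
}

/* Stand-in for the LSM's rule match: a handle from an older policy
 * generation is reported as stale instead of being evaluated. */
static int lsm_rule_match(const struct lsm_rule *r, const char *subject_type)
{
    if (r->gen != lsm_policy_generation) {
        stale_events++;
        return -ESTALE;
    }
    return strcmp(r->type, subject_type) == 0;
}

/* Simulated LSM policy reload, e.g. what a setsebool or a policy rebuild triggers. */
static void lsm_policy_reload(void)
{
    lsm_policy_generation++;
}

static void ima_lsm_update_rule(struct ima_rule *rule)
{
    lsm_rule_init(&rule->lsm, rule->obj_type);
    rule->lsm_initialized = 1;
}

/* IMA-side match: compile the LSM handle lazily; on the first stale
 * result, recompile it and retry once. 1 = match, 0 = no match, <0 = error. */
static int ima_match_rule(struct ima_rule *rule, const char *obj_type)
{
    int rc;
    if (!rule->lsm_initialized)
        ima_lsm_update_rule(rule);
    rc = lsm_rule_match(&rule->lsm, obj_type);
    if (rc == -ESTALE) {
        ima_lsm_update_rule(rule);   /* the stale error is the update trigger */
        rc = lsm_rule_match(&rule->lsm, obj_type);
    }
    return rc;
}

static void ima_rule_setup(struct ima_rule *rule, const char *obj_type)
{
    memset(rule, 0, sizeof *rule);
    strncpy(rule->obj_type, obj_type, sizeof rule->obj_type - 1);
}

static void reset_simulation(void)
{
    lsm_policy_generation = 1;
    stale_events = 0;
}

int main(void)
{
    struct ima_rule rule;
    reset_simulation();
    ima_rule_setup(&rule, "etc_t");   /* constructed type string */
    printf("match etc_t: %d\n", ima_match_rule(&rule, "etc_t"));
    lsm_policy_reload();
    printf("after reload, match bin_t: %d\n", ima_match_rule(&rule, "bin_t"));
    printf("after reload, match etc_t: %d\n", ima_match_rule(&rule, "etc_t"));
    printf("stale events seen: %u\n", stale_events);
    return 0;
}
```

Only the first match after the reload hits the stale path; once the handle has been recompiled, later matches evaluate normally, which is the single "stale rule" message per policy update that Sven reports above.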