From: Curtis V. <cr...@so...> - 2015-06-10 15:42:46
History: I am working on embedded systems and working toward a cut-over to a version supporting IMA. Currently on kernel 3.18.2 (but should update when I have time). I have been using tar and/or rsync to deploy and update my target systems. I have been anticipating a cut-over to using IMA, so I had planned on using the following commands to carry the security signatures/hashes to the target system.

Capture the system:

    tar -C devspace --numeric-owner --acls --xattrs -zcvplf file.tar.gz .

and to deploy to a mounted target disk:

    tar -C mnt_point --numeric-owner --acls --xattrs -zxvplf file.tar.gz

Interestingly enough, I can see the security xattrs inside the ungzipped tar file that I create, but they seem to disappear when I unpack them. I am unpacking on a filesystem that seems to support xattrs fine, as I can create them locally with evmctl.

Similarly I have tried

    rsync -avAHX --numeric-ids --specials --devices devspace/* root@target/

This is perhaps more mysterious, as I am successfully getting the security.evm=0x... xattrs but the security.ima=0x... xattrs have disappeared. (Does rsync only support sending a single xattr?)

If I was on a really recent kernel I would wonder if Dmitry's recent patch to not allow user-space to modify the ima xattr was involved.

Comments? Suggestions? Seems like work was going on for cpio support; do I need to be using that?

Best regards,
Curtis
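A check for the symptom described in the message above, added here as an example and not part of the original post: it reads the security.ima and security.evm values that GNU tar stores as `SCHILY.xattr.*` pax headers and reports which of them are missing or changed on the unpacked tree. The function names are hypothetical, and reading xattrs from disk relies on `os.getxattr`, which is Linux-only.

```python
import errno
import os
import tarfile

PAX_PREFIX = "SCHILY.xattr."   # key prefix GNU tar --xattrs uses in pax headers
WANTED = ("security.ima", "security.evm")

def archived_xattrs(tar):
    """Map member path -> {xattr name: raw bytes} for IMA/EVM xattrs in an open TarFile."""
    found = {}
    for member in tar:
        attrs = {}
        for key, value in member.pax_headers.items():
            name = key[len(PAX_PREFIX):]
            if key.startswith(PAX_PREFIX) and name in WANTED:
                # tarfile decodes header values with surrogateescape; undo it to get bytes
                attrs[name] = value.encode("utf-8", "surrogateescape")
        if attrs:
            found[os.path.normpath(member.name)] = attrs
    return found

def read_disk_xattr(path, name):
    """Return the xattr value on disk, or None if the file does not carry it."""
    try:
        return os.getxattr(path, name, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise

def find_lost_xattrs(archived, root, reader=read_disk_xattr):
    """List (path, xattr, status) for each archived xattr missing or changed under root."""
    problems = []
    for path, attrs in sorted(archived.items()):
        for name, expected in sorted(attrs.items()):
            actual = reader(os.path.join(root, path), name)
            if actual is None:
                problems.append((path, name, "missing"))
            elif actual != expected:
                problems.append((path, name, "differs"))
    return problems

if __name__ == "__main__":
    import sys
    archive, root = sys.argv[1], sys.argv[2]   # e.g. file.tar.gz mnt_point
    with tarfile.open(archive) as tar:
        for path, name, status in find_lost_xattrs(archived_xattrs(tar), root):
            print(f"{status:8} {name:14} {path}")
```

Run it as root against the mounted target after unpacking or syncing; an empty report means every archived IMA/EVM xattr arrived intact.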