From: Mimi Z. <zo...@li...> - 2015-06-22 15:04:14
On Mon, 2015-06-22 at 13:59 +0000, Curtis Veit wrote:
> So what method may be used to create a new file with a valid hash?
> Seems like there are valid use cases for this.

New files are always hashed as long as they're in policy. Try creating a test file and getting the security xattr values and the sha256sum of the file.

    $ sudo sh -c "echo 'Hello World' > /etc/hello"
    $ getfattr -m ^security --dump -e hex /etc/hello
    getfattr: Removing leading '/' from absolute path names
    # file: etc/hello
    security.evm=0x02736807ac58a250f017de2d3fdd45e63db4270c73
    security.ima=0x0404d2a84f4b8b650937ec8f73cd8be2c74add5a911ba64df27458ed8229da804a26
    security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a6574635f743a733000

    $ sha256sum /etc/hello
    d2a84f4b8b650937ec8f73cd8be2c74add5a911ba64df27458ed8229da804a26  /etc/hello

If you're still having problems, then post the results here with your appraisal policy.

Mimi
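
The comparison suggested in the message above can be scripted. This is an added example, not part of the original message: it decodes the two header bytes of `security.ima` (xattr type and hash algorithm id, per the kernel's `enum evm_ima_xattr_type` and `enum hash_algo`) and checks the remaining digest against the file content. The function names are hypothetical and only a subset of algorithm ids is handled.

```python
import hashlib

# Values from the Linux kernel headers (subset of enum hash_algo).
IMA_XATTR_DIGEST_NG = 0x04
HASH_ALGOS = {0x02: "sha1", 0x04: "sha256", 0x05: "sha384", 0x06: "sha512"}

def parse_getfattr_dump(text):
    """Return {xattr_name: bytes} from `getfattr --dump -e hex` output."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skips the "# file:" header and getfattr's own notices
        name, _, value = line.partition("=")
        if value.startswith("0x"):
            attrs[name] = bytes.fromhex(value[2:])
    return attrs

def parse_ima_digest_ng(raw):
    """Split a digest-ng security.ima value into (algorithm name, digest)."""
    if len(raw) < 2 or raw[0] != IMA_XATTR_DIGEST_NG:
        raise ValueError("not a digest-ng security.ima value")
    algo = HASH_ALGOS.get(raw[1])
    if algo is None:
        raise ValueError(f"unhandled hash algorithm id {raw[1]:#04x}")
    digest = raw[2:]
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match the algorithm")
    return algo, digest

def ima_hash_matches(raw, content):
    """True if the stored digest equals the hash of the given file content."""
    algo, digest = parse_ima_digest_ng(raw)
    return hashlib.new(algo, content).digest() == digest

# getfattr output copied from the message above.
DUMP = """\
getfattr: Removing leading '/' from absolute path names
# file: etc/hello
security.evm=0x02736807ac58a250f017de2d3fdd45e63db4270c73
security.ima=0x0404d2a84f4b8b650937ec8f73cd8be2c74add5a911ba64df27458ed8229da804a26
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a6574635f743a733000
"""
CONTENT = b"Hello World\n"  # what the echo command in the message wrote

if __name__ == "__main__":
    ima = parse_getfattr_dump(DUMP)["security.ima"]
    print(parse_ima_digest_ng(ima)[0], ima_hash_matches(ima, CONTENT))
```

On a live system, read the content from the file itself instead of the embedded `CONTENT` constant.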