From: Curtis V. <cu...@vp...> - 2015-06-22 21:26:17

I wondered (last week) if I had a problem with write policy. I actually had tried adding a number of more specific write rules, but ripped them out when I still had some issues. Probably should have made those rules more generic. In any case I'm adding lines for all groups that I have appraise policies for.

... Just tested; it works perfectly.

Thanks very much for your help.

Regards,
Curtis

-----Original Message-----
From: Mimi Zohar [mailto:zo...@li...]
Sent: Monday, June 22, 2015 1:05 PM
To: Curtis Veit
Cc: lin...@li...
Subject: Re: [Linux-ima-user] IMA (latest patches) do not allow creation of in policy files.

On Mon, 2015-06-22 at 11:03 -0600, Curtis Veit wrote:
> # Using groups instead of uid mainly for testing
> # gid functionality
> # group root = 0 may want to go by owner or group?
> # group shadow = 42 needed if above not by owner
> measure func=FILE_CHECK mask=MAY_READ fgroup=0
> appraise func=FILE_CHECK mask=MAY_READ fgroup=0

The security.ima hash value is updated only if the file is in policy. Your policy doesn't include files opened for write.

appraise func=FILE_CHECK fgroup=0

Mimi
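The following is an added illustration, not code from this thread or from the kernel: a small Python model of how an IMA policy is matched against a file access, used to show why the two `mask=MAY_READ` rules above never put a file opened for write "in policy", while the `appraise func=FILE_CHECK fgroup=0` rule does. It assumes a simplified form of the kernel's matching: rules are checked in order, a rule applies only if every condition it carries (`func=`, `mask=`, `fgroup=`) matches, a `mask=` condition is compared exactly against the requested access (so a read/write open does not match `mask=MAY_READ`), and the first matching `measure`/`dont_measure` or `appraise`/`dont_appraise` rule decides that action. The policy strings and access events are constructed from the thread; `security_ima_updated_on_write` is a hypothetical helper that models Mimi's statement that `security.ima` is rewritten only for files covered by an appraise rule.

```python
# Added example: simplified model of IMA policy rule matching.
# Assumptions (not the kernel's code): rules match in order, every stated
# condition must hold, mask= is an exact comparison, first match per action wins.
from dataclasses import dataclass
from typing import Optional

# Access bits as named in IMA policy (values follow the kernel's MAY_* constants).
MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND = 0x1, 0x2, 0x4, 0x8
MASK_NAMES = {"MAY_EXEC": MAY_EXEC, "MAY_WRITE": MAY_WRITE,
              "MAY_READ": MAY_READ, "MAY_APPEND": MAY_APPEND}


@dataclass
class Rule:
    action: str                    # measure, appraise, dont_measure, dont_appraise, audit
    func: Optional[str] = None     # hook, e.g. FILE_CHECK
    mask: Optional[int] = None     # requested access the rule is limited to
    fgroup: Optional[int] = None   # gid the file must have


def parse_policy(text: str) -> list:
    """Parse the subset of IMA policy syntax used in the thread (comments allowed)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        action, *conds = line.split()
        rule = Rule(action)
        for cond in conds:
            key, _, value = cond.partition("=")
            if key == "func":
                rule.func = value
            elif key == "mask":
                rule.mask = MASK_NAMES[value]
            elif key == "fgroup":
                rule.fgroup = int(value)
            else:
                raise ValueError(f"condition not covered by this model: {cond}")
        rules.append(rule)
    return rules


def matching_actions(rules: list, func: str, mask: int, fgid: int) -> set:
    """Actions that apply to one access: first matching rule per action kind wins."""
    decided = {}
    for r in rules:
        if r.func is not None and r.func != func:
            continue
        if r.mask is not None and r.mask != mask:     # exact comparison (assumption)
            continue
        if r.fgroup is not None and r.fgroup != fgid:
            continue
        kind = r.action[len("dont_"):] if r.action.startswith("dont_") else r.action
        decided.setdefault(kind, not r.action.startswith("dont_"))
    return {kind for kind, on in decided.items() if on}


def security_ima_updated_on_write(rules: list, fgid: int) -> bool:
    """Model of the thread's point: security.ima is rewritten on a write only
    when the written file is covered by an appraise rule (hypothetical helper)."""
    return "appraise" in matching_actions(rules, "FILE_CHECK", MAY_WRITE, fgid)


# Constructed from the policy quoted in the thread.
CURTIS_POLICY = """
# Using groups instead of uid mainly for testing gid functionality
measure func=FILE_CHECK mask=MAY_READ fgroup=0
appraise func=FILE_CHECK mask=MAY_READ fgroup=0
"""
# Mimi's suggested rule: no mask, so reads and writes of gid-0 files are covered.
MIMI_RULE = "appraise func=FILE_CHECK fgroup=0"

CURTIS_RULES = parse_policy(CURTIS_POLICY)
FIXED_RULES = parse_policy(CURTIS_POLICY + "\n" + MIMI_RULE)

if __name__ == "__main__":
    for label, rules in (("original", CURTIS_RULES), ("with Mimi's rule", FIXED_RULES)):
        for name, mask in (("read", MAY_READ), ("write", MAY_WRITE),
                           ("read+write", MAY_READ | MAY_WRITE)):
            print(f"{label:17} gid=0 {name:10} ->",
                  sorted(matching_actions(rules, "FILE_CHECK", mask, 0)))
        print(f"{label:17} security.ima updated on write:",
              security_ima_updated_on_write(rules, 0))
```

Running it shows the original policy matching nothing for a write or read/write open of a gid-0 file, so the `security.ima` hash is never refreshed, while the added rule without `mask=` brings those opens into policy; a gid-42 file stays outside the appraise policy under both.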