From: Patrick O. <pat...@in...> - 2015-07-15 06:52:57
On Tue, 2015-07-14 at 16:59 -0400, Mimi Zohar wrote:
> On Tue, 2015-07-14 at 20:10 +0200, Patrick Ohly wrote:
> > The problem which keeps coming up is that such a policy is not practical
> > when root processes are meant to modify files on the device.
>
> Even if root was modifying files, it isn't modifying all files.
> Normally it's limited to configuration files. The above BPRM_CHECK
> rule verifies executables.

Do you have an example of a complete policy using that?

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.