From: Patrick O. <pat...@in...> - 2015-09-17 10:48:10
Hello!

I have a system setup such that some files are hashed on the target device. That works fine in most cases: "echo foo >bar" creates bar with a valid security.ima and it can be updated with "echo abc >>bar", even after a reboot.

However, after a power off without properly shutting down first, a sqlite3 DB file ended up with an invalid hash in security.ima.

That leads me to one question: when a file gets written to, when is the security.ima hash updated?

My theory is that sqlite3 has written and synced new data to the DB file, but the hash wasn't updated yet when the machine was powered off, or it wasn't synced to disk.

If that's true, then I need to rethink where such DB files get stored and how they will be protected.

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter.
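Added example, not part of the original message: a check that compares a file's current content with a hash-type security.ima value, to find files left with a stale hash as in the power-off case described above. The xattr layout (type byte, optional algorithm id, digest) follows the kernel's IMA definitions; the function names and sample data are constructed here, and the legacy type is assumed to hold SHA-1.

```python
import hashlib
import os

# Type byte that starts a security.ima value (kernel enum evm_ima_xattr_type).
IMA_XATTR_DIGEST = 0x01      # legacy: type byte + digest (SHA-1 assumed here)
EVM_IMA_XATTR_DIGSIG = 0x03  # signature, cannot be checked by re-hashing
IMA_XATTR_DIGEST_NG = 0x04   # type byte + hash algorithm id + digest

# Subset of the kernel's enum hash_algo ids, mapped to hashlib names.
HASH_ALGOS = {1: "md5", 2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512", 7: "sha224"}


def check_ima_digest(xattr: bytes, content: bytes) -> str:
    """Return 'match', 'stale' or 'unsupported' for one xattr/content pair."""
    if not xattr:
        return "unsupported"
    if xattr[0] == IMA_XATTR_DIGEST:
        algo, stored = "sha1", xattr[1:]
    elif xattr[0] == IMA_XATTR_DIGEST_NG and len(xattr) > 2 and xattr[1] in HASH_ALGOS:
        algo, stored = HASH_ALGOS[xattr[1]], xattr[2:]
    else:
        return "unsupported"  # signatures and unknown types are not re-hashable
    return "match" if hashlib.new(algo, content).digest() == stored else "stale"


def check_file(path: str) -> str:
    """Check a real file; reading security.ima needs Linux and usually root."""
    try:
        xattr = os.getxattr(path, "security.ima")
    except OSError:
        return "missing"
    with open(path, "rb") as f:
        return check_ima_digest(xattr, f.read())


def demo() -> list:
    # Constructed sample: "foo\n" is hashed, then "abc\n" is appended without the
    # xattr being rewritten, the state the message suspects after power loss.
    old, new = b"foo\n", b"foo\nabc\n"
    xattr = bytes([IMA_XATTR_DIGEST_NG, 4]) + hashlib.sha256(old).digest()
    return [check_ima_digest(xattr, old), check_ima_digest(xattr, new)]


if __name__ == "__main__":
    print(demo())
```

Running `check_file` over the protected directory after an unclean shutdown lists the files whose stored hash no longer matches their content, before appraisal denies access to them.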