From: Mimi Z. <zo...@li...> - 2016-01-12 13:33:45
On Tue, 2016-01-12 at 13:16 +0100, Baal Su wrote:
> > On 11 Jan 2016, at 20:53, Mimi Zohar <zo...@li...> wrote:
> >
> > On Mon, 2016-01-11 at 16:58 +0100, Baal Su wrote:

> But when I try to read this file, which belongs to another user whose
> files are appraised, it still shows the same error as the following.
>
> Following Mark’s suggestion, I try to show the keys belonging to the
> keyring of global .ima, there is no key under it.

If CONFIG_IMA_TRUSTED_KEYRING is enabled, the IMA keyring name is .ima, otherwise it is _ima.

> >>
> >> But when I want to read from a file under appraisal with enforce mode, it still shows:
> >>
> >> [ 358.334856] digsig: key not found, id: 821C0DFD4C617DA
> >> cat: file: Permission denied
> >
> > Only asymmetric keys should be on the IMA keyring, not user.
>
> I follow the instructions in the wiki page
> <http://sourceforge.net/p/linux-ima/wiki/Home/#imaevm-keyrings-loading-the-public-keys> to load the public keys, but instead of x509 certificate, I just use the RSA key pairs.

Why don't you follow the directions first, before making changes, and see if that works. You'll need the ima-evm-utils package.

Mimi