From: Black R. <bla...@gm...> - 2016-11-28 16:03:40
Hello,

I'm trying to measure single files with IMA by using SMACK as described in this post
https://sourceforge.net/p/linux-ima/mailman/message/25990539/

I've tried to get it to work on a machine running Ubuntu 16.04, kernel version 4.4.0-47-generic. These are the steps I have performed so far:

- Added "smackfs /sys/fs/smackfs smackfs defaults 0 0" to /etc/fstab
- Added "security=smack ima_tcb" to the kernel boot parameters in /etc/default/grub
- Reboot -> smackfs got mounted correctly in /sys/fs/smackfs
- Now added SMACK policy with `echo "_ M rwxa"` -> ('_', 23spaces, 'M', 23spaces, 'rwxa')
- Added the following content into a file

    # PROC_SUPER_MAGIC
    dont_measure fsmagic=0x9fa0
    # SYSFS_MAGIC
    dont_measure fsmagic=0x62656572
    # DEBUGFS_MAGIC
    dont_measure fsmagic=0x64626720
    # TMPFS_MAGIC
    dont_measure fsmagic=0x01021994
    # SECURITYFS_MAGIC
    dont_measure fsmagic=0x73636673
    measure func=BPRM_CHECK
    measure func=FILE_MMAP mask=MAY_EXEC
    measure func=FILE_CHECK mask=MAY_READ obj_user=M

  and cat'ed it to /sys/kernel/security/ima/policy
- Set the attribute M on a testfile via

    setfattr -n security.SMACK64 -v M testFile.txt

Reboot the system

But the file "testFile.txt" did not get measured!?

Do I have to do anything else?

Is there a way to display the current policies that are being applied?

When adding labels to files that should be measured, does the system always require a reboot, so that these files are going to be measured and changes to the files noticed?

After the system has rebooted are the previously added policies still there or just used for one "system restart session" and then reset to the default?

Thank you
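
An added example, not part of the original message: a simplified Python model of how the measure/dont_measure rules quoted above would be evaluated for a single file access. It assumes that rules are checked in order, that the first rule whose conditions all match decides, and that a condition a rule omits matches anything; the sample accesses and the ext4 magic number are constructed, and the function names are hypothetical.

```python
# Simplified model of IMA measure-rule matching (an assumption, not kernel code):
# rules are checked in order; the first rule whose conditions all match decides.
POLICY = """\
# PROC_SUPER_MAGIC
dont_measure fsmagic=0x9fa0
# SYSFS_MAGIC
dont_measure fsmagic=0x62656572
# DEBUGFS_MAGIC
dont_measure fsmagic=0x64626720
# TMPFS_MAGIC
dont_measure fsmagic=0x01021994
# SECURITYFS_MAGIC
dont_measure fsmagic=0x73636673
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=FILE_CHECK mask=MAY_READ obj_user=M
"""

def parse_policy(text):
    """Return [(action, {key: value})], skipping blank and '#' comment lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, *conds = line.split()
        rules.append((action, dict(c.split("=", 1) for c in conds)))
    return rules

def decide(rules, access):
    """Return (action, rule_index) of the first matching rule, or (None, None)."""
    for idx, (action, conds) in enumerate(rules):
        if all(_match(k, v, access) for k, v in conds.items()):
            return action, idx
    return None, None

def _match(key, value, access):
    if key == "fsmagic":  # compare numerically so 0x01021994 equals 0x1021994
        return int(value, 16) == access["fsmagic"]
    return access.get(key) == value

EXT4 = 0xEF53  # constructed sample accesses below, not taken from the post
RULES = parse_policy(POLICY)
labelled = {"func": "FILE_CHECK", "mask": "MAY_READ", "fsmagic": EXT4, "obj_user": "M"}
unlabelled = dict(labelled, obj_user="_")      # same read, file labelled "_"
on_tmpfs = dict(labelled, fsmagic=0x01021994)  # labelled file living on tmpfs

if __name__ == "__main__":
    print(decide(RULES, labelled), decide(RULES, unlabelled), decide(RULES, on_tmpfs))
```

Under this model a read of a file labelled M on ext4 reaches the last rule, an unlabelled file matches no rule, and a labelled file on tmpfs is excluded by the earlier dont_measure rule.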