Re: [Linux-ima-user] [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs po

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 11/29/2016 06:56 AM, Lennart Poettering wrote:
> On Mon, 28.11.16 14:17, Stefan Berger (st...@li...) wrote:
>
>> From: Stefan Berger <st...@us...>
>>
>> IMA validates file signatures based on the security.ima xattr. As of
>> Linux-4.7, instead of copying the IMA policy into the securityfs policy,
>> the IMA policy pathname can be written, allowing the IMA policy file
>> signature to be validated.
>>
>> This patch modifies the existing code to first attempt to write the
>> pathname, but on failure falls back to copying the IMA policy
>> contents.
> This second patch looks good. Any chance you can submit it as a PR on
> github? That's how we usually expect patches these days!

Sent pull request:

https://github.com/systemd/systemd/pull/4766

Regards,
     Stefan

> Thanks!
>
> Lennart
>

Re: [Linux-ima-user] [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs po

Re: [Linux-ima-user] [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file