Menu
▾
▴
Re: [Linux-ima-user] Tar files with security.ima
|
From: Mimi Z. <zo...@li...> - 2017-06-02 20:54:12
|
On Fri, 2017-06-02 at 17:16 +0800, Rock Lee wrote: > > if you are a normal user, then you will not see any of the security.* > > attributes. If you are the root user, then they should display as well. > > > > If you are user root, the command you want should be > > > > tar --xattrs -cvjf file.tar.bz2 file > > > > assuming that you are using a version of tar that has been built to > > handle extended attributes. > > > > See also > > > > https://unix.stackexchange.com/questions/300168/how-do-i-get-a-dump-of-all-extended-attributes-for-a-file > > Hi Mark: > > Unfortunately, it seems tar does work well with security namespace > extend attributes(SMACK, IMA). I found dar is capable of archiving > files with all the extended attributes. Thanks anyway. As I recall, you need to include "--xattrs" when creating the tar, and then "--xattrs --xattrs-include=security.ima" when installing the tar. Installing tar packages containing file signatures requires a kernel with commit: 5d1a717ec04 "ima: add support for creating files using the mknodat syscall" Mimi |
