Hi Mimi, On Fri, Jul 6, 2018 at 12:59 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > Hi Martin, > > On Fri, 2018-07-06 at 10:46 +0100, Martin Townsend wrote: > > Hi, > > > > If I have a root filesystem signed for IMA/EVM could I have a policy > > that says appraise every file on this filesystem. Looking through the > > source code I think I could use > > > > appraise fsuuid=uuid-of-root-fs appraise_type=imasig > > > > Would this do what I want? > > Yes, that looks right. Remember all files on this filesystem will be > considered "immutable", meaning you won't be able to write/update > them, only delete them. > Thank you and being immutable is fine. > Mimi >
