Re: Understanding fsuuid policy rule for appraisal and exclusion


 



Yes, I am having a problem, as I am not able to validate the IMA
implementation on my device.
Basically, the UUID of partition B is not yyyy-yy-yy-yy and therefore I am
not able to conclude whether it will be appraised or not.

If no rule is written for any partition, is it appraised?


On Wed, Jan 30, 2019 at 12:08 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> On Tue, 2019-01-29 at 14:21 +0530, rishi gupta wrote:
> > Hi Team,
> >
> > I set the policy for IMA as follows. (1) Files in partition B will be
> > appraised or not if its UUID is not yyyy-yy-yy-yy. (2) Do files in
> > partition C only will be appraised irrespective of whatever rule is
> > written for other partitions.
> >
> > My goal is to include a partition and exclude all other partitions.
> >
> > # Exclude partition A
> > dont_measure fsuuid=xxxx-xx-xx-xx
> > dont_appraise fsuuid=xxxx-xx-xx-xx
> >
> > # Exclude partition B (Problem here)
> > dont_measure fsuuid=yyyy-yy-yy-yy
> > dont_appraise fsuuid=yyyy-yy-yy-yy
> >
> > # Appraise partition C
> > appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
>
> Are you having problems with these policy rules?  Policy rules are
> handled sequentially.  Just make sure these rules are before any of
> the other "appraise" rules.
>
> Mimi
>
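
The sequential handling mentioned in the reply can be checked offline against the policy quoted above. The sketch below is an added example, not part of the original messages and not kernel code: it is a simplified model that assumes the first matching rule for each action type (measure, appraise) decides, that a file matching no rule gets no action, and that only the `fsuuid` condition matters. The function names and the UUID `wwww-ww-ww-ww` are constructed for illustration.

```python
# Simplified model of sequential IMA policy matching (assumption-labelled
# sketch, not kernel code). Only the fsuuid condition is modelled.
POLICY = """\
# Exclude partition A
dont_measure fsuuid=xxxx-xx-xx-xx
dont_appraise fsuuid=xxxx-xx-xx-xx
# Exclude partition B
dont_measure fsuuid=yyyy-yy-yy-yy
dont_appraise fsuuid=yyyy-yy-yy-yy
# Appraise partition C
appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
"""

# Each action belongs to one class; do/dont rules of a class compete.
ACTION_CLASS = {"measure": "measure", "dont_measure": "measure",
                "appraise": "appraise", "dont_appraise": "appraise"}

def parse_policy(text):
    """Return [(action, {key: value})] in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, *conds = line.split()
        if action not in ACTION_CLASS:
            raise ValueError(f"unsupported action: {action}")
        rules.append((action, dict(c.split("=", 1) for c in conds)))
    return rules

def evaluate(rules, fsuuid):
    """Walk rules in order; the first match per action class decides."""
    decided = {}
    for action, conds in rules:
        cls = ACTION_CLASS[action]
        if cls in decided:
            continue  # an earlier rule already settled this class
        if "fsuuid" in conds and conds["fsuuid"] != fsuuid:
            continue  # rule is for a different filesystem
        decided[cls] = not action.startswith("dont_")
    # Assumption: a class no rule matched results in no action.
    return {cls: decided.get(cls, False) for cls in ("measure", "appraise")}

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for uuid in ("xxxx-xx-xx-xx", "zzzz-zz-zz-zz", "wwww-ww-ww-ww"):
        print(uuid, evaluate(rules, uuid))
```

Prepending a catch-all `appraise` line to `POLICY` in this model makes partition A appraised, which is the ordering effect the reply warns about.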


