On Fri, Apr 19, 2019 at 5:08 PM Kavitha Sivagnanam <kavi@xxxxxxxxxxx> wrote: > > Hi > > I am wondering, in the current implementation of IMA policy, if there is a way to enforce appraisal on a file based on the file type. The file type that I am interested in enforcing the policy is for SquashFS files. Not directly - the kernel has no idea of what type a file has. If you use selinux or smack then you can label squashfs files with a specific type and then use the obj_role option in your policy. You'd also need policy that prevents anyone else from modifying these, so depending on what your threat model is this may not work out.
