Matt
Thanks for the response. You are pretty much confirming what we found out.
Even if I am using LSM label for squashfs files, it can only enforce IMA appraisal on files that I know about.
It will not affect any new Squashfs files for which label is not set yet.
On 4/23/19, 11:00 AM, "Matthew Garrett" <mjg59@xxxxxxxxxx> wrote:
On Fri, Apr 19, 2019 at 5:08 PM Kavitha Sivagnanam <kavi@xxxxxxxxxxx> wrote:
>
> Hi
>
> I am wondering, in the current implementation of IMA policy, if there is a way to enforce appraisal on a file based on the file type. The file type that I am interested in enforcing the policy is for SquashFS files.
Not directly - the kernel has no idea of what type a file has. If you
use selinux or smack then you can label squashfs files with a specific
type and then use the obj_role option in your policy. You'd also need
policy that prevents anyone else from modifying these, so depending on
what your threat model is this may not work out.
