Re: Can we enforce "IMA Policy" based on file type

On 4/25/19, 4:59 AM, "Mimi Zohar" <zohar@xxxxxxxxxxxxx> wrote:

> As Matthew indicated, you could define LSM labels on the squashfs file
> images.  Another option would be to extend IMA by implementing the LSM
> security_sb_mount hook.  The IMA policy rule would probably look
> something like:

We looked into the security_sb_mount function. It receives the device name as a string, "const char *dev_name".
We need to do the IMA appraisal on the backing file (squashfs file) associated with this device.
However, based on this device name we were unable to get the backing_file associated with it in kernel space.
Can you give some pointers?

Also, we need to know whether, at the time this function is called, the backing file is associated with this device.

>    appraise func=MOUNT_CHECK fsname=squashfs appraise_type=imasig
  
  
    




