Selinux policy for x509_ima.der public certificate loaded by kernel during boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am getting below error as selinux is denying access to the .ima
keyring. Looking for guidance for asymmetric public key selinux
policy.

[  172.014855] integrity: Request for unknown key 'id:87deb3bf' err -13

[  172.015035] audit: type=1800 audit(1604596570.579:240): pid=825
uid=1021 auid=4294967295 ses=4294967295
subj=system_u:system_r:mydaemon_t:s0-s15:c0.c1023 op="appraise_data"
cause="invalid-signature" comm="mydaemon"
name="/usr/lib/libstdc++.so.6.0.25" dev="ubifs" ino=14353 res=0

(a) Do I need to set the selinux context of file
/etc/keys/x509_ima.der. If yes what it should be.
(b) Do I need to set some selinux rule for .ima keyring. If yes how. I
tried a lot but could not find any resource.

Regards,
Rishi



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux