Signature verification on symbolic links is not supported by IMA in the
kernel, so remove the calculation of digests over symbolic links.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
src/libimaevm.c | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 07a25c9..6591d20 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -177,20 +177,6 @@ out:
return err;
}
-static int add_link_hash(const char *path, EVP_MD_CTX *ctx)
-{
- int len;
- char buf[1024];
-
- len = readlink(path, buf, sizeof(buf));
- /* 0-length links are also an error */
- if (len <= 0)
- return -1;
-
- log_info("link: %s -> %.*s\n", path, len, buf);
- return !EVP_DigestUpdate(ctx, buf, len);
-}
-
int ima_calc_hash(const char *file, uint8_t *hash)
{
const EVP_MD *md;
@@ -231,9 +217,6 @@ int ima_calc_hash(const char *file, uint8_t *hash)
case S_IFREG:
err = add_file_hash(file, pctx);
break;
- case S_IFLNK:
- err = add_link_hash(file, pctx);
- break;
default:
log_err("Unsupported file type (0x%x)", st.st_mode & S_IFMT);
err = -1;
--
2.31.1
