Hello, On Wednesday, August 11, 2021 7:53:15 PM EDT Steve Grubb wrote: > On Wednesday, August 11, 2021 3:40:51 PM EDT Mimi Zohar wrote: > > On Wed, 2021-08-11 at 11:40 +0000, THOBY Simon wrote: > > Other than the two questions on " IMA: add a policy option to restrict > > xattr hash algorithms on appraisal" patch, the patch set is looking > > good. > > > > thanks, > > > > Mimi > > > > > Here is also a short description of the new audit messages, but I can > > > send it in a followup mail if that is not the proper place: > > > > > > When writing the xattr with an algorithm not built in the kernel (here > > > the kernel was built with CONFIG_CRYPTO_MD5 unset), e.g. with > > > > > > "evmctl ima_hash -a md5 /usr/bin/strace": > > > audit(1628066120.418:121): pid=1344 uid=0 auid=0 ses=1 > > > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=set_data > > > cause=unavailable-hash-algorithm comm="evmctl" name="/usr/bin/ strace" > > > dev="dm-0" ino=2632657 res=0 errno=0> > > Is this audit event accurate? I seem to be seeing name=value=value. I'm > hoping this is a copy/paste/mail client issue. Sorry for the noise...I see there is a space in there. -Steve
