On 2022/11/3 21:15, Mimi Zohar wrote:
> On Wed, 2022-11-02 at 09:42 +0800, Guozihua (Scott) wrote:
>>> As I only see an IMA measurement policy rule being loaded for
>>> "unlabeled_t" and not "user_home_t", should I assume that an IMA
>>> measurement rule already exists for "user_home_t"?
>>
>> There wasn't a rule for user_home_t. These scripts demonstrate that
>> during a selinux policy reload, IMA would measure files that are not in
>> the range of its LSM-based rules. Which is the issue I am trying to fix.
>> In this test, we only have one rule for measuring files of type
>> unlabeled_t. However, during selinux policy reload, a file of user_home_t
>> is also measured.
>
> Thanks, Scott. After tweaking the scripts for my system, I was able to
> reproduce the bug. This patch set is now queued in next-integrity.

Hi Mimi,
Any chance these patches would be in 6.1?
--
Best
GUO Zihua