Hi Petr, On Fri, 2024-12-13 at 23:20 +0100, Petr Vorel wrote: > Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > Signed-off-by: Petr Vorel <pvorel@xxxxxxx> > --- > .../integrity/ima/datafiles/ima_violations/violations.policy | 1 + > 1 file changed, 1 insertion(+) > create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy > > diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy > new file mode 100644 > index 0000000000..5734c7617f > --- /dev/null > +++ b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy > @@ -0,0 +1 @@ > +func=FILE_CHECK "[PATCH v2 1/8] IMA: Add TCB policy as an example for ima_measurements.sh" contains two rules to measure files opened by root on file open. measure func=FILE_CHECK mask=^MAY_READ euid=0 measure func=FILE_CHECK mask=^MAY_READ uid=0 If the 'tcb' or equivalent policy is loaded, there is no need to load another policy rule. Thanks, Mimi
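Review bot: the one rule added to violations.policy, `func=FILE_CHECK`, has no action keyword in front of it, while the two TCB rules quoted in the reply both begin with `measure`. An IMA policy rule is an action followed by its conditions, so this line should probably read `measure func=FILE_CHECK`. Since the reply points out that the rule is redundant when the 'tcb' or an equivalent policy is already loaded, it would also help to document next to this file that it is only meant to be loaded when no such policy is active.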