> Hi Petr,

> On Fri, 2024-12-13 at 23:20 +0100, Petr Vorel wrote:
> > Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > > Signed-off-by: Petr Vorel <pvorel@xxxxxxx> > > --- > > .../integrity/ima/datafiles/ima_violations/violations.policy | 1 + > > 1 file changed, 1 insertion(+) > > create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy > > diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy > > new file mode 100644 > > index 0000000000..5734c7617f > > --- /dev/null > > +++ b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy > > @@ -0,0 +1 @@ > > +func=FILE_CHECK

> "[PATCH v2 1/8] IMA: Add TCB policy as an example for ima_measurements.sh"
> contains two rules to measure files opened by root on file open.

> measure func=FILE_CHECK mask=^MAY_READ euid=0
> measure func=FILE_CHECK mask=^MAY_READ uid=0

My bad of course "func=FILE_CHECK" is not enough. Thanks for providing a correct
example policy (required part of 'tcb' policy).

> If the 'tcb' or equivalent policy is loaded, there is no need to load another
> policy rule.

Yes, I'll fix the next commit to avoid loading example policy when ima_policy=tcb.

Kind regards,
Petr

> Thanks,
> Mimi
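
Review bot: in violations.policy the only added line, `+func=FILE_CHECK`, names a hook but carries no action and no conditions, so it is not a usable rule, which the reply in this thread also points out. Suggest replacing it with the two rules quoted in the reply, `measure func=FILE_CHECK mask=^MAY_READ euid=0` and `measure func=FILE_CHECK mask=^MAY_READ uid=0`, and skipping the load when the 'tcb' or an equivalent policy is already active. The commit message also consists of trailers only; a sentence stating what this policy file is for and when the test loads it would make the change reviewable on its own.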