Hi Mimi,

> Hi Petr,
>
> On Fri, 2024-12-13 at 23:20 +0100, Petr Vorel wrote:
> > Taken from IMA docs [1], removed dont_measure fsmagic=0x1021994 (tmpfs)
> > as suggested by Mimi.
> >
> > [1] https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-tcb
> >
> > Signed-off-by: Petr Vorel <pvorel@xxxxxxx>
>
> After thinking about it some more, anyone interested in constraining the
> "measure func=FILE_CHECK" rules based on LSM labels to avoid integrity
> violations would need to reboot the system anyway. [1]
>
> For this reason, please include the new dont_measure tmpfs rule as proposed in
> "[PATCH] ima: limit the builtin 'tcb' dont_measure tmpfs policy rule". [2]

Sure, I'll add in v3:

dont_measure fsmagic=0x1021994 func=FILE_CHECK

Kind regards,
Petr

> [1] Integrity violations -
> https://ima-doc.readthedocs.io/en/latest/event-log-format.html#template-data-hash
> [2]
> https://lore.kernel.org/linux-integrity/20241230142333.1309623-2-zohar@xxxxxxxxxxxxx/
>
> thanks,
> Mimi
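The practical difference between the unqualified `dont_measure fsmagic=0x1021994` rule and the `func=FILE_CHECK`-limited one agreed above is what still gets measured on tmpfs: with the qualifier, an exec (BPRM_CHECK) from tmpfs is still recorded in the measurement list, while plain file opens there are not. The following is an added example (not code from this thread, the kernel, or the IMA docs) that models that rule matching in Python. It assumes a simplified per-action first-match semantics, supports only the fsmagic/func/mask/uid/euid conditions, and uses a constructed subset of the builtin 'tcb' rules and constructed sample events; the filesystem magic numbers are the kernel's TMPFS_MAGIC and EXT4_SUPER_MAGIC.

```python
"""Toy model of IMA measure/dont_measure rule matching.

Added example, not kernel code. Assumptions (simplifications of the real
ima_match_policy()): rules are checked in order and the first matching
measure/dont_measure rule decides; only fsmagic, func, mask, uid and euid
conditions are modelled; an unmatched event is not measured.
"""

TMPFS_MAGIC = 0x1021994   # kernel TMPFS_MAGIC
EXT4_MAGIC = 0xEF53       # kernel EXT4_SUPER_MAGIC


def parse_rule(line):
    """Parse one 'action key=value ...' policy line into a dict."""
    action, *conds = line.split()
    rule = {"action": action}
    for cond in conds:
        key, value = cond.split("=", 1)
        if key == "fsmagic":
            rule[key] = int(value, 16)
        elif key in ("uid", "euid"):
            rule[key] = int(value)
        else:
            rule[key] = value
    return rule


def _mask_matches(spec, have):
    # "^MAY_READ" means the flag must be present among the event's bits;
    # a bare "MAY_EXEC" is an exact match of the mask.
    if spec.startswith("^"):
        return spec[1:] in have
    return have == {spec}


def rule_matches(rule, event):
    if "fsmagic" in rule and rule["fsmagic"] != event["fsmagic"]:
        return False
    if "func" in rule and rule["func"] != event["func"]:
        return False
    if "mask" in rule and not _mask_matches(rule["mask"], event["mask"]):
        return False
    for key in ("uid", "euid"):
        if key in rule and rule[key] != event[key]:
            return False
    return True


def measured(policy, event):
    """True if the first matching measure/dont_measure rule says 'measure'."""
    for rule in policy:
        if rule["action"] in ("measure", "dont_measure") and rule_matches(rule, event):
            return rule["action"] == "measure"
    return False


# Constructed subset of the 'tcb' policy; only the tmpfs line differs.
_COMMON_HEAD = ["dont_measure fsmagic=0x9fa0", "dont_measure fsmagic=0x62656572"]
_COMMON_TAIL = [
    "measure func=MMAP_CHECK mask=MAY_EXEC",
    "measure func=BPRM_CHECK mask=MAY_EXEC",
    "measure func=FILE_CHECK mask=^MAY_READ euid=0",
    "measure func=FILE_CHECK mask=^MAY_READ uid=0",
]
TCB_UNQUALIFIED = [parse_rule(r) for r in
                   _COMMON_HEAD + ["dont_measure fsmagic=0x1021994"] + _COMMON_TAIL]
TCB_QUALIFIED = [parse_rule(r) for r in
                 _COMMON_HEAD + ["dont_measure fsmagic=0x1021994 func=FILE_CHECK"] + _COMMON_TAIL]

# Constructed sample events (what the LSM hook would see).
EXEC_ON_TMPFS = {"fsmagic": TMPFS_MAGIC, "func": "BPRM_CHECK",
                 "mask": {"MAY_EXEC"}, "uid": 1000, "euid": 1000}
ROOT_READ_ON_TMPFS = {"fsmagic": TMPFS_MAGIC, "func": "FILE_CHECK",
                      "mask": {"MAY_READ"}, "uid": 0, "euid": 0}
ROOT_READ_ON_EXT4 = {"fsmagic": EXT4_MAGIC, "func": "FILE_CHECK",
                     "mask": {"MAY_READ"}, "uid": 0, "euid": 0}


def compare():
    """Return the measure decision of both policies for each sample event."""
    return {
        "exec_on_tmpfs": (measured(TCB_UNQUALIFIED, EXEC_ON_TMPFS),
                          measured(TCB_QUALIFIED, EXEC_ON_TMPFS)),
        "root_read_on_tmpfs": (measured(TCB_UNQUALIFIED, ROOT_READ_ON_TMPFS),
                               measured(TCB_QUALIFIED, ROOT_READ_ON_TMPFS)),
        "root_read_on_ext4": (measured(TCB_UNQUALIFIED, ROOT_READ_ON_EXT4),
                              measured(TCB_QUALIFIED, ROOT_READ_ON_EXT4)),
    }


if __name__ == "__main__":
    for name, (unqualified, qualified) in compare().items():
        print(f"{name}: unqualified={unqualified} qualified={qualified}")
```

The pair of results for `exec_on_tmpfs` is the point of the v3 rule: the unqualified tmpfs rule silences BPRM_CHECK measurements of anything executed from tmpfs, whereas the `func=FILE_CHECK` form keeps those while still suppressing the root read measurements that cause the integrity violations Mimi's [1] refers to.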