Re: [PATCH v3 08/10] ima_setup.sh: Allow to load predefined policy

On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> environment variable LTP_IMA_LOAD_POLICY=1 tries to load example policy
> if available. This should be used only if tooling running LTP tests
> allows to reboot afterwards because policy may be writable only once,
> e.g. missing CONFIG_IMA_WRITE_POLICY=y, or policies can influence each
> other.
> 
> Loading may fail due to various reasons (e.g. previously mentioned missing
> CONFIG_IMA_WRITE_POLICY=y and policy already loaded or when secure boot is
> enabled and the kernel is configured with CONFIG_IMA_ARCH_POLICY enabled, an
> appraise func=POLICY_CHECK appraise_type=imasig rule is loaded, requiring the
> IMA policy itself to be signed).
> 
> Signed-off-by: Petr Vorel <pvorel@xxxxxxx>

Looks good.  Thanks, Petr.

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
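
The failure cases listed in the commit message can be checked before setting LTP_IMA_LOAD_POLICY=1. The following is an added example, not code from the patch or from LTP's ima_setup.sh. The function names and result strings are hypothetical, and it assumes a plain-text kernel config file and a readable dump of the active policy (reading /sys/kernel/security/ima/policy needs root and CONFIG_IMA_READ_POLICY=y).

```shell
#!/bin/sh
# Added example (hypothetical helpers, not part of LTP).

# kconfig_enabled FILE SYMBOL: true if SYMBOL=y in a plain-text kernel config.
kconfig_enabled() {
	grep -q "^$2=y\$" "$1" 2>/dev/null
}

# policy_requires_signature FILE: true if the policy dump has an appraise rule
# carrying both func=POLICY_CHECK and appraise_type=imasig.
policy_requires_signature() {
	awk '
		/^[[:space:]]*#/ { next }
		$1 == "appraise" {
			f = 0; s = 0
			for (i = 2; i <= NF; i++) {
				if ($i == "func=POLICY_CHECK") f = 1
				if ($i == "appraise_type=imasig") s = 1
			}
			if (f && s) found = 1
		}
		END { exit !found }
	' "$1" 2>/dev/null
}

# ima_policy_preflight KCONFIG ACTIVE_POLICY CUSTOM_LOADED
# CUSTOM_LOADED is 1 if the caller knows a custom policy was already written
# since boot, else 0. Prints one result word.
ima_policy_preflight() {
	kconfig=$1 active=$2 loaded=$3
	if policy_requires_signature "$active"; then
		echo signed-policy-required      # unsigned example policy is rejected
	elif [ ! -r "$active" ] && kconfig_enabled "$kconfig" CONFIG_IMA_ARCH_POLICY; then
		echo signed-policy-possible      # rules unreadable; depends on secure boot
	elif kconfig_enabled "$kconfig" CONFIG_IMA_WRITE_POLICY; then
		echo ok
	elif [ "$loaded" = 1 ]; then
		echo write-once-used             # the single allowed write is spent
	else
		echo ok-reboot-needed            # one write allowed; reboot to reset
	fi
}

# Live use (paths are assumptions about the test host):
# ima_policy_preflight "/boot/config-$(uname -r)" /sys/kernel/security/ima/policy 0
```

A result of ok-reboot-needed matches the commit message's advice to set the variable only when the tooling running the tests can reboot afterwards.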
