Re: [PATCH v5 3/4] LSM: Define SELinux function to measure state and policy

On 8/3/20 8:11 AM, Stephen Smalley wrote:

> Possibly I'm missing something but with these patches applied on top of next-integrity, and the following lines added to /etc/ima/ima-policy:
>
> measure func=LSM_STATE template=ima-buf
> measure func=LSM_POLICY
>
> I still don't get the selinux-state or selinux-policy-hash entries in the ascii_runtime_measurements file.  No errors during loading of the ima policy as far as I can see.


Could you please check if the following config is set?
CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y

Try changing /sys/fs/selinux/checkreqprot and check ascii_runtime_measurements file again?

Also, could you please check if
/sys/kernel/security/integrity/ima/policy contains LSM_STATE and LSM_POLICY entries?

 -lakshmi
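
The checks suggested in this reply, collected into one script as an added example; it is not part of the message or of the patch series. The function names and the `/boot/config-$(uname -r)` location are assumptions, and the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example. Each check takes the file to inspect as an argument.

# Check 1: kernel built with CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y ($1 = config file)
config_has_early_boot_queue() {
    grep -q '^CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y$' "$1"
}

# Check 2: loaded policy $1 has a "measure" rule (not dont_measure) for func $2
policy_has_func() {
    grep -Eq "^[[:space:]]*measure[[:space:]].*func=$2([[:space:]]|\$)" "$1"
}

# Check 3: measurement list $1 has an entry with a field equal to $2
measurements_have() {
    awk -v name="$2" '{ for (i = 1; i <= NF; i++) if ($i == name) hit = 1 }
                      END { exit !hit }' "$1"
}

# Run all checks; print what is missing and return the number of failures.
# $1 = kernel config, $2 = IMA policy, $3 = ascii_runtime_measurements
diagnose() {
    fails=0
    config_has_early_boot_queue "$1" ||
        { echo "config: CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y not set"; fails=$((fails + 1)); }
    for func in LSM_STATE LSM_POLICY; do
        policy_has_func "$2" "$func" ||
            { echo "policy: no measure rule with func=$func"; fails=$((fails + 1)); }
    done
    for entry in selinux-state selinux-policy-hash; do
        measurements_have "$3" "$entry" ||
            { echo "measurements: no $entry entry"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample matching the report: rules loaded, entries not recorded.
demo() {
    d=$(mktemp -d)
    echo 'CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y' > "$d/config"
    printf 'measure func=LSM_STATE template=ima-buf\nmeasure func=LSM_POLICY\n' > "$d/policy"
    echo '10 <template-hash> ima-ng sha256:<digest> boot_aggregate' > "$d/meas"
    rc=0; diagnose "$d/config" "$d/policy" "$d/meas" || rc=$?
    rm -rf "$d"
    return "$rc"
}
# Live use, as root (config path is an assumption; distributions differ):
#   i=/sys/kernel/security/integrity/ima
#   diagnose "/boot/config-$(uname -r)" "$i/policy" "$i/ascii_runtime_measurements"
```

Run `diagnose` again after changing `/sys/fs/selinux/checkreqprot`, as the reply suggests, to see whether the entries appear.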




