[RFC][PATCH] ima: add default rule for initramfs files

From: Roberto Sassu
Date: Tue Jul 06 2010 - 11:08:30 EST

Next message: Andy Shevchenko: "[PATCH] staging: tidspbridge: gen: simplify and clean up"
Previous message: Ilya Dryomov: "Re: Problem with tty changes in linux-next"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch modifies the default policy shipped with IMA, in order to avoid measurements
of files in the initial ramdisk. Those files can be measured early in the boot process
by the bootloader.
The patch applies to latest version of the mainline kernel 2.6.35-rc4.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx>
---
security/integrity/ima/ima_policy.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index aef8c0a..92d8d0e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -64,6 +64,7 @@ static struct ima_measure_rule_entry default_rules[] = {
{.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
.flags = IMA_FUNC | IMA_MASK},
{.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
--
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andy Shevchenko: "[PATCH] staging: tidspbridge: gen: simplify and clean up"
Previous message: Ilya Dryomov: "Re: Problem with tty changes in linux-next"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]