IMA/EVM support utilities
Coiby Xu 55eba46a6a Skip some file systems for appraisal
Resolves: https://issues.redhat.com/browse/RHEL-62817
Conflict: None

Upstream Status: https://src.fedoraproject.org/rpms/ima-evm-utils.git

commit 83b610d7edee02804dc1cecab8e151728925e90b
Author: Coiby Xu <coxu@redhat.com>
Date:   Wed Oct 16 13:48:01 2024 +0800

    Skip some file systems for appraisal

    Resolves: https://issues.redhat.com/browse/RHEL-62817

    When 01-appraise-exectuables-and-lib-signatures is enabled, no login
    screen is available for user to log in. This happens because IMA stops
    gnome-shell from creating some temp files, as can be seen from the audit log,

        type=INTEGRITY_DATA msg=audit(1728700747.130:10235): pid=3240 uid=42 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 op=appraise_data cause=IMA-signature-required comm="gnome-shell" name="/dev/shm/#3223" dev="tmpfs" ino=3223 res=0 errno=0UID="gdm" AUID="unset"
        type=INTEGRITY_DATA msg=audit(1728700747.130:10236): pid=3240 uid=42 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 op=appraise_data cause=IMA-signature-required comm="gnome-shell" name="/run/user/42/#454" dev="tmpfs" ino=454 res=0 errno=0UID="gdm" AUID="unset"
        type=INTEGRITY_DATA msg=audit(1728700747.131:10237): pid=3240 uid=42 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 op=appraise_data cause=IMA-signature-required comm="gnome-shell" name="memfd:libffi" dev="tmpfs" ino=578 res=0 errno=0UID="gdm" AUID="unset"

    Skip the file systems as listed in
    https://www.kernel.org/doc/Documentation/ABI/testing/ima_policy

    Reported-by: Raju Cheerla <rcheerla@redhat.com>

Signed-off-by: Coiby Xu <coxu@redhat.com>
2024-11-13 10:56:44 +08:00
tests Migrate gating test to OSCI from QE CI 2022-01-19 13:57:05 -05:00
.gitignore Add compat subpkg for helping building dependencies 2021-12-07 18:31:45 -03:00
centosimarelease-9.der Add IMA code signing certs 2024-06-08 07:18:20 +08:00
dracut-98-integrity.conf Add some IMA setup tools 2024-06-08 07:18:18 +08:00
gating.yaml Migrate gating test to OSCI from QE CI 2022-01-19 13:57:05 -05:00
ima-add-sigs.sh ima-setup: Allow users to specify custom reinstall_threshold 2024-06-08 07:18:20 +08:00
ima-evm-utils.spec Skip some file systems for appraisal 2024-11-13 10:56:44 +08:00
ima-setup.sh ima-setup: Install prerequisite package rpm-plugin-ima 2024-06-08 07:27:10 +08:00
policy_list Skip some file systems for appraisal 2024-11-13 10:56:44 +08:00
policy-01-appraise-executable-and-lib-signatures Skip some file systems for appraisal 2024-11-13 10:56:44 +08:00
policy-02-keylime-remote-attestation Add some IMA setup tools 2024-06-08 07:18:18 +08:00
redhatimarelease-9.der Add IMA code signing certs 2024-06-08 07:18:20 +08:00
sources Rebase to upstream release v1.5 2024-04-12 14:31:50 +08:00
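
Failed appraisals like the audit records quoted in the commit message can be triaged by grouping them by backing device and process. The following is an added example, not code from ima-evm-utils or from the commit; its sample input is constructed (the three tmpfs records are shortened from the ones above, the other records are invented for contrast).

```python
import re
from collections import defaultdict

# Constructed sample input: the three tmpfs records are shortened from the
# commit message; the SYSCALL, dm-0 and res=1 records are invented for contrast.
SAMPLE_AUDIT = """\
type=INTEGRITY_DATA msg=audit(1728700747.130:10235): pid=3240 uid=42 op=appraise_data cause=IMA-signature-required comm="gnome-shell" name="/dev/shm/#3223" dev="tmpfs" ino=3223 res=0 errno=0UID="gdm" AUID="unset"
type=INTEGRITY_DATA msg=audit(1728700747.130:10236): pid=3240 uid=42 op=appraise_data cause=IMA-signature-required comm="gnome-shell" name="/run/user/42/#454" dev="tmpfs" ino=454 res=0 errno=0UID="gdm" AUID="unset"
type=INTEGRITY_DATA msg=audit(1728700747.131:10237): pid=3240 uid=42 op=appraise_data cause=IMA-signature-required comm="gnome-shell" name="memfd:libffi" dev="tmpfs" ino=578 res=0 errno=0UID="gdm" AUID="unset"
type=SYSCALL msg=audit(1728700747.131:10237): arch=c000003e syscall=9 success=no comm="gnome-shell"
type=INTEGRITY_DATA msg=audit(1728700750.002:10301): pid=4100 uid=1000 op=appraise_data cause=IMA-signature-required comm="bash" name="/usr/local/bin/tool" dev="dm-0" ino=9001 res=0 errno=0
type=INTEGRITY_DATA msg=audit(1728700751.500:10310): pid=4101 uid=1000 op=appraise_data comm="bash" name="/usr/bin/ls" dev="dm-0" ino=9002 res=1 errno=0
"""

# key=value pairs; values are either double-quoted or run to the next space.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def appraisal_denials(log_text):
    """Group failed IMA appraisals as {dev: {comm: [file names]}}."""
    by_dev = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "INTEGRITY_DATA" or rec.get("op") != "appraise_data":
            continue
        if rec.get("res") != "0":  # the denials quoted above all carry res=0
            continue
        dev, comm = rec.get("dev", "?"), rec.get("comm", "?")
        by_dev[dev][comm].append(rec.get("name", "?"))
    return {dev: dict(comms) for dev, comms in by_dev.items()}


if __name__ == "__main__":
    for dev, comms in appraisal_denials(SAMPLE_AUDIT).items():
        for comm, names in comms.items():
            print(f"dev={dev} comm={comm} denied={len(names)}: {', '.join(names)}")
```

Denials grouped under `tmpfs` are the kind the commit message describes; the constructed `dm-0` entry shows that a denial on a disk-backed file system stays in its own group rather than being mixed in with them.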