IMA/EVM support utilities
Coiby Xu 906f02a955 ima-add-sigs: Verify added IMA signature in case the file gets changed
Resolves: https://issues.redhat.com/browse/RHEL-105471

Upstream: Fedora
Conflict: None

Some IMA signatures from the RPM database may fail the verification
because they can be changed. For example, the following files on F41
can't pass IMA signature verification:

    /usr/lib64/gconv/gconv-modules.cache
    /boot/grub2/grubenv
    /var/lib/selinux/targeted/active/commit_num
    /var/lib/selinux/targeted/active/file_contexts
    /etc/ssh/sshd_config
    /etc/yum.repos.d/fedora-updates.repo
    /etc/yum.repos.d/fedora.repo
    /etc/group
    /etc/gshadow

The kernel ima=fix mode won't generate an IMA hash reference value for
files with an IMA signature. As a result, users can be denied access to
some files. So remove security.ima if a file fails the verification.

Signed-off-by: Coiby Xu <coxu@redhat.com>
2025-07-31 09:20:22 +08:00
tests Migrate gating test to OSCI from QE CI 2022-01-19 13:57:05 -05:00
.gitignore Add compat subpkg for helping building dependencies 2021-12-07 18:31:45 -03:00
centosimarelease-9.der Add IMA code signing certs 2024-06-08 07:18:20 +08:00
dracut-98-integrity.conf Add some IMA setup tools 2024-06-08 07:18:18 +08:00
gating.yaml Migrate gating test to OSCI from QE CI 2022-01-19 13:57:05 -05:00
ima-add-sigs.sh ima-add-sigs: Verify added IMA signature in case the file gets changed 2025-07-31 09:20:22 +08:00
ima-evm-utils.spec Drop old libimaevm.so.4 2025-07-31 09:19:02 +08:00
ima-setup.sh ima-setup: fix two shellcheck warnings 2025-03-06 16:47:57 +08:00
policy_list Skip some file systems for appraisal 2024-11-13 10:56:44 +08:00
policy-01-appraise-executable-and-lib-signatures Skip some file systems for appraisal 2024-11-13 10:56:44 +08:00
policy-02-keylime-remote-attestation Add some IMA setup tools 2024-06-08 07:18:18 +08:00
redhatimarelease-9.der Add IMA code signing certs 2024-06-08 07:18:20 +08:00
sources Release 1.6.2-1 2025-03-10 11:17:22 +08:00