IMA/EVM support utilities
Coiby Xu be4e836e2f ima-add-sigs: Verify added IMA signature in case the file gets changed
Resolves: https://issues.redhat.com/browse/RHEL-100320

Upstream: Fedora
Conflict: None

Some IMA signatures from the RPM database may fail the verification
because they can be changed. For example, the following files on F41
can't pass IMA signature verification:

    /usr/lib64/gconv/gconv-modules.cache
    /boot/grub2/grubenv
    /var/lib/selinux/targeted/active/commit_num
    /var/lib/selinux/targeted/active/file_contexts
    /etc/ssh/sshd_config
    /etc/yum.repos.d/fedora-updates.repo
    /etc/yum.repos.d/fedora.repo
    /etc/group
    /etc/gshadow

The kernel ima=fix mode won't generate an IMA hash reference value for
files with an IMA signature. As a result, users can be denied access to
some files. So remove security.ima if a file fails the verification.
2025-07-31 09:12:10 +08:00
tests initial gating tests 2024-04-09 11:03:52 -04:00
.gitignore v1.3 2020-07-26 13:51:27 +01:00
centosimarelease-10.der Add IMA code signing certs 2024-11-08 10:58:05 +08:00
dracut-98-integrity.conf Add some IMA setup tools 2024-11-08 10:58:05 +08:00
gating.yaml initial gating tests 2024-04-09 11:03:52 -04:00
ima-add-sigs.sh ima-add-sigs: Verify added IMA signature in case the file gets changed 2025-07-31 09:12:10 +08:00
ima-evm-utils.spec Release 1.6.2-2 2025-03-10 12:26:19 +08:00
ima-setup.sh ima-setup: fix two shellcheck warnings 2025-03-06 16:59:13 +08:00
policy_list Skip some file systems for appraisal 2024-11-08 10:58:05 +08:00
policy-01-appraise-executable-and-lib-signatures Skip some file systems for appraisal 2024-11-08 10:58:05 +08:00
policy-02-keylime-remote-attestation Add some IMA setup tools 2024-11-08 10:58:05 +08:00
redhatimarelease-10.der Add IMA code signing certs 2024-11-08 10:58:05 +08:00
sources Update to upstream 1.6.2 2024-11-15 17:17:26 +08:00