ff4acbb939
Related: RHEL-11866 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
45 lines
1.8 KiB
Diff
45 lines
1.8 KiB
Diff
diff --git a/keylime/cloud_verifier_common.py b/keylime/cloud_verifier_common.py
|
|
index a7399d2..c0f416d 100644
|
|
--- a/keylime/cloud_verifier_common.py
|
|
+++ b/keylime/cloud_verifier_common.py
|
|
@@ -8,7 +8,7 @@ from keylime.agentstates import AgentAttestState, AgentAttestStates, TPMClockInf
|
|
from keylime.common import algorithms
|
|
from keylime.db.verifier_db import VerfierMain
|
|
from keylime.failure import Component, Event, Failure
|
|
-from keylime.ima import file_signatures
|
|
+from keylime.ima import file_signatures, ima
|
|
from keylime.ima.types import RuntimePolicyType
|
|
from keylime.tpm import tpm_util
|
|
from keylime.tpm.tpm_main import Tpm
|
|
@@ -271,7 +271,7 @@ def process_get_status(agent: VerfierMain) -> Dict[str, Any]:
|
|
logger.debug('The contents of the agent %s attribute "mb_refstate" are %s', agent.agent_id, agent.mb_refstate)
|
|
|
|
has_runtime_policy = 0
|
|
- if agent.ima_policy.generator and agent.ima_policy.generator > 1:
|
|
+ if agent.ima_policy.generator and agent.ima_policy.generator > ima.RUNTIME_POLICY_GENERATOR.EmptyAllowList:
|
|
has_runtime_policy = 1
|
|
|
|
response = {
|
|
diff --git a/keylime/cmd/create_policy.py b/keylime/cmd/create_policy.py
|
|
index 0841d64..086b92a 100755
|
|
--- a/keylime/cmd/create_policy.py
|
|
+++ b/keylime/cmd/create_policy.py
|
|
@@ -6,6 +6,7 @@ import argparse
|
|
import binascii
|
|
import collections
|
|
import copy
|
|
+import datetime
|
|
import gzip
|
|
import json
|
|
import multiprocessing
|
|
@@ -580,6 +581,9 @@ def main() -> None:
|
|
policy["excludes"] = sorted(list(set(policy["excludes"])))
|
|
policy["ima"]["ignored_keyrings"] = sorted(list(set(policy["ima"]["ignored_keyrings"])))
|
|
|
|
+ policy["meta"]["generator"] = ima.RUNTIME_POLICY_GENERATOR.LegacyAllowList
|
|
+ policy["meta"]["timestamp"] = str(datetime.datetime.now())
|
|
+
|
|
try:
|
|
ima.validate_runtime_policy(policy)
|
|
except ima.ImaValidationError as ex:
|