linux-integrity.vger.kernel.org archive mirror
* Understanding fsuuid policy rule for appraisal and exclusion
@ 2019-01-29  8:51 rishi gupta
  2019-01-29 18:37 ` Mimi Zohar
  0 siblings, 1 reply; 5+ messages in thread
From: rishi gupta @ 2019-01-29  8:51 UTC (permalink / raw)
  To: linux-integrity

Hi Team,

I set the policy for IMA as follows. (1) Will files in partition B be
appraised or not if their UUID is not yyyy-yy-yy-yy? (2) Will only files in
partition C be appraised, irrespective of whatever rule is written for
other partitions?

My goal is to include a partition and exclude all other partitions.

# Exclude partition A
dont_measure fsuuid=xxxx-xx-xx-xx
dont_appraise fsuuid=xxxx-xx-xx-xx

# Exclude partition B (Problem here)
dont_measure fsuuid=yyyy-yy-yy-yy
dont_appraise fsuuid=yyyy-yy-yy-yy

# Appraise partition C
appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig

Regards,
Rishi


* Re: Understanding fsuuid policy rule for appraisal and exclusion
  2019-01-29  8:51 Understanding fsuuid policy rule for appraisal and exclusion rishi gupta
@ 2019-01-29 18:37 ` Mimi Zohar
  2019-01-30 13:38   ` rishi gupta
  0 siblings, 1 reply; 5+ messages in thread
From: Mimi Zohar @ 2019-01-29 18:37 UTC (permalink / raw)
  To: rishi gupta, linux-integrity

On Tue, 2019-01-29 at 14:21 +0530, rishi gupta wrote:
> Hi Team,
> 
> I set the policy for IMA as follows. (1) Will files in partition B be
> appraised or not if their UUID is not yyyy-yy-yy-yy? (2) Will only files in
> partition C be appraised, irrespective of whatever rule is written for
> other partitions?
> 
> My goal is to include a partition and exclude all other partitions.
> 
> # Exclude partition A
> dont_measure fsuuid=xxxx-xx-xx-xx
> dont_appraise fsuuid=xxxx-xx-xx-xx
> 
> # Exclude partition B (Problem here)
> dont_measure fsuuid=yyyy-yy-yy-yy
> dont_appraise fsuuid=yyyy-yy-yy-yy
> 
> # Appraise partition C
> appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig

Are you having problems with these policy rules?  Policy rules are
handled sequentially.  Just make sure these rules are before any of
the other "appraise" rules.

Mimi



* Re: Understanding fsuuid policy rule for appraisal and exclusion
  2019-01-29 18:37 ` Mimi Zohar
@ 2019-01-30 13:38   ` rishi gupta
  2019-01-30 13:53     ` Mimi Zohar
  0 siblings, 1 reply; 5+ messages in thread
From: rishi gupta @ 2019-01-30 13:38 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-integrity

Yes, I am having a problem, as I am not able to validate the IMA
implementation on my device.
Basically, the UUID of partition B is not yyyy-yy-yy-yy and therefore I am
not able to conclude whether it will be appraised or not.

If no rule is written for any partition, is it appraised?


On Wed, Jan 30, 2019 at 12:08 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Tue, 2019-01-29 at 14:21 +0530, rishi gupta wrote:
> > Hi Team,
> >
> > I set the policy for IMA as follows. (1) Will files in partition B be
> > appraised or not if their UUID is not yyyy-yy-yy-yy? (2) Will only files in
> > partition C be appraised, irrespective of whatever rule is written for
> > other partitions?
> >
> > My goal is to include a partition and exclude all other partitions.
> >
> > # Exclude partition A
> > dont_measure fsuuid=xxxx-xx-xx-xx
> > dont_appraise fsuuid=xxxx-xx-xx-xx
> >
> > # Exclude partition B (Problem here)
> > dont_measure fsuuid=yyyy-yy-yy-yy
> > dont_appraise fsuuid=yyyy-yy-yy-yy
> >
> > # Appraise partition C
> > appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
>
> Are you having problems with these policy rules?  Policy rules are
> handled sequentially.  Just make sure these rules are before any of
> the other "appraise" rules.
>
> Mimi
>


* Re: Understanding fsuuid policy rule for appraisal and exclusion
  2019-01-30 13:38   ` rishi gupta
@ 2019-01-30 13:53     ` Mimi Zohar
  2019-02-05  5:28       ` rishi gupta
  0 siblings, 1 reply; 5+ messages in thread
From: Mimi Zohar @ 2019-01-30 13:53 UTC (permalink / raw)
  To: rishi gupta; +Cc: linux-integrity

(Bottom post please.)

On Wed, 2019-01-30 at 19:08 +0530, rishi gupta wrote:
> Yes, I am having a problem, as I am not able to validate the IMA
> implementation on my device.
> Basically, the UUID of partition B is not yyyy-yy-yy-yy and therefore I am
> not able to conclude whether it will be appraised or not.
> 
> If no rule is written for any partition, is it appraised?

That's dependent on the rest of the policy rules.  Without an appraise
rule, nothing is appraised.

Mimi


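Mimi's two points (rules are walked in order; with no matching appraise rule nothing is appraised) in a small Python model. This is an added illustration, not part of the thread and not the kernel's code: it models only the fsuuid and func conditions, the UUID strings are the placeholders from Rishi's policy, and the "hash-or-sig" label for an appraise rule without appraise_type is this model's own shorthand.

```python
# Toy model (constructed for this thread, not kernel code) of IMA policy
# evaluation: rules are walked in order and, per action class (measure,
# appraise), the first rule whose conditions match decides.  Only the
# fsuuid and func conditions are modelled.
ACTIONS = {  # keyword -> (action class, do or dont)
    "measure": ("measure", True), "dont_measure": ("measure", False),
    "appraise": ("appraise", True), "dont_appraise": ("appraise", False),
}

def parse_policy(text):  # 'action cond=value ...' lines, '#' comments
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, *conds = line.split()
        if action not in ACTIONS:
            raise ValueError("unsupported action: " + action)
        rule = {"action": action}
        for cond in conds:
            key, _, value = cond.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules

def evaluate(rules, fsuuid, func="FILE_CHECK"):
    """Returns {'measure': bool, 'appraise': None or appraise_type} for a file
    on fsuuid; a class with no matching rule gets nothing done (kernel default)."""
    decided = {}
    for rule in rules:
        cls, do = ACTIONS[rule["action"]]
        if cls in decided:  # this class was settled by an earlier rule
            continue
        if rule.get("fsuuid", fsuuid) != fsuuid or rule.get("func", func) != func:
            continue
        decided[cls] = (do if cls == "measure" else
                        rule.get("appraise_type", "hash-or-sig") if do else None)
    return {"measure": decided.get("measure", False), "appraise": decided.get("appraise")}

POLICY = """\
# Rishi's policy from the thread; the UUIDs are his placeholders
dont_measure fsuuid=xxxx-xx-xx-xx
dont_appraise fsuuid=xxxx-xx-xx-xx
dont_measure fsuuid=yyyy-yy-yy-yy
dont_appraise fsuuid=yyyy-yy-yy-yy
appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
"""
RULES = parse_policy(POLICY)
# Same rules behind a generic appraise rule: the exclusions never get a say.
BAD_ORDER = parse_policy("appraise func=FILE_CHECK\n" + POLICY)
```

Partition B's real UUID matches no rule at all, so a file there is neither measured nor appraised; with BAD_ORDER, the generic rule matches first and the dont_appraise for partition A is never reached, which is why Mimi says to put the fsuuid rules before any other appraise rules.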

* Re: Understanding fsuuid policy rule for appraisal and exclusion
  2019-01-30 13:53     ` Mimi Zohar
@ 2019-02-05  5:28       ` rishi gupta
  0 siblings, 0 replies; 5+ messages in thread
From: rishi gupta @ 2019-02-05  5:28 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-integrity

Thanks, I understood: only files explicitly specified using "appraise"
are actually verified.
One more thing: where can I find the evmtest source code?

On Wed, Jan 30, 2019 at 7:24 PM Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> (Bottom post please.)
>
> On Wed, 2019-01-30 at 19:08 +0530, rishi gupta wrote:
> > Yes, I am having a problem, as I am not able to validate the IMA
> > implementation on my device.
> > Basically, the UUID of partition B is not yyyy-yy-yy-yy and therefore I am
> > not able to conclude whether it will be appraised or not.
> >
> > If no rule is written for any partition, is it appraised?
>
> That's dependent on the rest of the policy rules.  Without an appraise
> rule, nothing is appraised.
>
> Mimi
>

