* Understanding fsuuid policy rule for appraisal and exclusion
@ 2019-01-29 8:51 rishi gupta
2019-01-29 18:37 ` Mimi Zohar
0 siblings, 1 reply; 5+ messages in thread
From: rishi gupta @ 2019-01-29 8:51 UTC (permalink / raw)
To: linux-integrity
Hi Team,
I set the policy for IMA as follows. (1) Files in partition B will be
appraised or not if its UUID is not yyyy-yy-yy-yy. (2) Do files in
partition C only will be appraised irrespective of whatever rule is
written for other partitions.
My goal is to include a partition and exclude all other partitions.
# Exclude partition A
dont_measure fsuuid=xxxx-xx-xx-xx
dont_appraise fsuuid=xxxx-xx-xx-xx
# Exclude partition B (Problem here)
dont_measure fsuuid=yyyy-yy-yy-yy
dont_appraise fsuuid=yyyy-yy-yy-yy
# Appraise partition C
appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
Regards,
Rishi
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Understanding fsuuid policy rule for appraisal and exclusion
2019-01-29 8:51 Understanding fsuuid policy rule for appraisal and exclusion rishi gupta
@ 2019-01-29 18:37 ` Mimi Zohar
2019-01-30 13:38 ` rishi gupta
0 siblings, 1 reply; 5+ messages in thread
From: Mimi Zohar @ 2019-01-29 18:37 UTC (permalink / raw)
To: rishi gupta, linux-integrity
On Tue, 2019-01-29 at 14:21 +0530, rishi gupta wrote:
> Hi Team,
>
> I set the policy for IMA as follows. (1) Files in partition B will be
> appraised or not if its UUID is not yyyy-yy-yy-yy. (2) Do files in
> partition C only will be appraised irrespective of whatever rule is
> written for other partitions.
>
> My goal is to include a partition and exclude all other partitions.
>
> # Exclude partition A
> dont_measure fsuuid=xxxx-xx-xx-xx
> dont_appraise fsuuid=xxxx-xx-xx-xx
>
> # Exclude partition B (Problem here)
> dont_measure fsuuid=yyyy-yy-yy-yy
> dont_appraise fsuuid=yyyy-yy-yy-yy
>
> # Appraise partition C
> appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
Are you having problems with these policy rules? Policy rules are
handled sequentially. Just make sure these rules are before any of
the other "appraise" rules.
Mimi
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Understanding fsuuid policy rule for appraisal and exclusion
2019-01-29 18:37 ` Mimi Zohar
@ 2019-01-30 13:38 ` rishi gupta
2019-01-30 13:53 ` Mimi Zohar
0 siblings, 1 reply; 5+ messages in thread
From: rishi gupta @ 2019-01-30 13:38 UTC (permalink / raw)
To: Mimi Zohar; +Cc: linux-integrity
Yes, I am having problem as I am not able to validate IMA
implementation on my device.
Basically, uuid of partition B is not yyyy-yy-yy-yy and therefore I am
not able to conclude whether it will be appraised or not.
If no rule is written for any partition is it appraised ?
On Wed, Jan 30, 2019 at 12:08 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Tue, 2019-01-29 at 14:21 +0530, rishi gupta wrote:
> > Hi Team,
> >
> > I set the policy for IMA as follows. (1) Files in partition B will be
> > appraised or not if its UUID is not yyyy-yy-yy-yy. (2) Do files in
> > partition C only will be appraised irrespective of whatever rule is
> > written for other partitions.
> >
> > My goal is to include a partition and exclude all other partitions.
> >
> > # Exclude partition A
> > dont_measure fsuuid=xxxx-xx-xx-xx
> > dont_appraise fsuuid=xxxx-xx-xx-xx
> >
> > # Exclude partition B (Problem here)
> > dont_measure fsuuid=yyyy-yy-yy-yy
> > dont_appraise fsuuid=yyyy-yy-yy-yy
> >
> > # Appraise partition C
> > appraise fsuuid=zzzz-zz-zz-zz appraise_type=imasig
>
> Are you having problems with these policy rules? Policy rules are
> handled sequentially. Just make sure these rules are before any of
> the other "appraise" rules.
>
> Mimi
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Understanding fsuuid policy rule for appraisal and exclusion
2019-01-30 13:38 ` rishi gupta
@ 2019-01-30 13:53 ` Mimi Zohar
2019-02-05 5:28 ` rishi gupta
0 siblings, 1 reply; 5+ messages in thread
From: Mimi Zohar @ 2019-01-30 13:53 UTC (permalink / raw)
To: rishi gupta; +Cc: linux-integrity
(Bottom post please.)
On Wed, 2019-01-30 at 19:08 +0530, rishi gupta wrote:
> Yes, I am having problem as I am not able to validate IMA
> implementation on my device.
> Basically, uuid of partition B is not yyyy-yy-yy-yy and therefore I am
> not able to conclude whether it will be appraised or not.
>
> If no rule is written for any partition is it appraised ?
That's dependent on the rest of the policy rules. Without an appraise
rule, nothing is appraised.
Mimi
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Understanding fsuuid policy rule for appraisal and exclusion
2019-01-30 13:53 ` Mimi Zohar
@ 2019-02-05 5:28 ` rishi gupta
0 siblings, 0 replies; 5+ messages in thread
From: rishi gupta @ 2019-02-05 5:28 UTC (permalink / raw)
To: Mimi Zohar; +Cc: linux-integrity
Thanks I understood, only explicitly specified file using "appraise"
is actually verified.
One more thing, where can I find evmtest source code.
On Wed, Jan 30, 2019 at 7:24 PM Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> (Bottom post please.)
>
> On Wed, 2019-01-30 at 19:08 +0530, rishi gupta wrote:
> > Yes, I am having problem as I am not able to validate IMA
> > implementation on my device.
> > Basically, uuid of partition B is not yyyy-yy-yy-yy and therefore I am
> > not able to conclude whether it will be appraised or not.
> >
> > If no rule is written for any partition is it appraised ?
>
> That's dependent on the rest of the policy rules. Without an appraise
> rule, nothing is appraised.
>
> Mimi
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-02-05 5:29 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-29 8:51 Understanding fsuuid policy rule for appraisal and exclusion rishi gupta
2019-01-29 18:37 ` Mimi Zohar
2019-01-30 13:38 ` rishi gupta
2019-01-30 13:53 ` Mimi Zohar
2019-02-05 5:28 ` rishi gupta
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).