Date: Mon, 3 Aug 2020 09:14:16 -0700
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Stephen Smalley <stephen.smalley.work@...il.com>, zohar@...ux.ibm.com,
 casey@...aufler-ca.com
Cc: tyhicks@...ux.microsoft.com, sashal@...nel.org, jmorris@...ei.org,
 linux-integrity@...r.kernel.org, selinux@...r.kernel.org,
 linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 3/4] LSM: Define SELinux function to measure state and policy

On 8/3/20 8:11 AM, Stephen Smalley wrote:
>
> Possibly I'm missing something but with these patches applied on top of
> next-integrity, and the following lines added to /etc/ima/ima-policy:
>
> measure func=LSM_STATE template=ima-buf
> measure func=LSM_POLICY
>
> I still don't get the selinux-state or selinux-policy-hash entries in
> the ascii_runtime_measurements file. No errors during loading of the
> ima policy as far as I can see.
>

Could you please check if the following config is set?
CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y

Try changing /sys/fs/selinux/checkreqprot and check
ascii_runtime_measurements file again?

Also, could you please check if
/sys/kernel/security/integrity/ima/policy contains LSM_STATE and
LSM_POLICY entries?

  -lakshmi
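
The three checks asked for in the reply above, collected into one shell function as an added example (not part of the original message or of the patch series). The function name, the bitmask return value and the /boot config location are assumptions made for illustration; the file arguments are parameters so the checks can also be run on copies of the files.

```shell
#!/bin/sh
# check_ima_lsm KCONFIG IMA_POLICY MEASUREMENTS   (hypothetical helper name)
# Returns a bitmask: 1 = config option not set, 2 = a policy rule is missing,
# 4 = a measurement entry is missing; 0 means every check passed.
# On a live system (as root) the arguments would be, assuming the distro
# installs its kernel config under /boot:
#   "/boot/config-$(uname -r)"
#   /sys/kernel/security/integrity/ima/policy
#   /sys/kernel/security/integrity/ima/ascii_runtime_measurements
check_ima_lsm() {
    kconfig=$1; policy=$2; meas=$3; rc=0

    # 1. Early-boot queueing option named in the reply.
    if grep -q '^CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y$' "$kconfig"; then
        echo "ok:      CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y"
    else
        echo "missing: CONFIG_IMA_QUEUE_EARLY_BOOT_DATA=y"
        rc=$((rc | 1))
    fi

    # 2. The loaded policy must carry a measure rule for each hook.
    for func in LSM_STATE LSM_POLICY; do
        if grep -Eq "^[[:space:]]*measure[[:space:]].*func=${func}([[:space:]]|\$)" "$policy"; then
            echo "ok:      policy rule func=$func"
        else
            echo "missing: policy rule func=$func"
            rc=$((rc | 2))
        fi
    done

    # 3. Field 5 of each ascii_runtime_measurements line is the entry name.
    #    Re-run after changing /sys/fs/selinux/checkreqprot, as the reply asks.
    for name in selinux-state selinux-policy-hash; do
        count=$(awk -v n="$name" '$5 == n { c++ } END { print c + 0 }' "$meas")
        if [ "$count" -gt 0 ]; then
            echo "ok:      $count x $name"
        else
            echo "missing: measurement entry $name"
            rc=$((rc | 4))
        fi
    done
    return "$rc"
}
```

A return value of 4 alone matches the situation described in the quoted report: the rules are loaded but no selinux-state or selinux-policy-hash entry has been recorded yet.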