From cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f Mon Sep 17 00:00:00 2001
From: Armin Kuster
Date: Sat, 25 May 2019 23:04:32 -0700
Subject: ima_policy_simple: add another sample policy

Signed-off-by: Armin Kuster
---
.../ima_policy_simple/files/ima_policy_simple | 4 ++++
.../ima_policy_simple/ima-policy-simple_1.0.bb | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
create mode 100644 meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
create mode 100644 meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
diff --git a/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
new file mode 100644
index 0000000..38ca8f5
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
@@ -0,0 +1,4 @@
+# Very simple policy demonstrating the systemd policy loading bug
+# (policy with one line works, two lines don't).
+dont_appraise fsmagic=0x9fa0
+dont_appraise fsmagic=0x62656572
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
new file mode 100644
index 0000000..17132aa
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
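Review bot: The two `fsmagic` values in ima_policy_simple are bare hex with no comment naming the filesystems they exempt, and the header does not say that the file holds no `measure` or `appraise` rule at all. 0x9fa0 and 0x62656572 are the procfs and sysfs magic numbers, so a line such as `# procfs (0x9fa0) and sysfs (0x62656572) are excluded from appraisal` would make the rules checkable at a glance. I would also add `# Reproducer only: this policy appraises and measures nothing; do not ship it as a production policy`, because the recipe in this commit installs the file as /etc/ima/ima-policy, and a loaded custom policy normally takes the place of the kernel's built-in rules.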
@@ -0,0 +1,18 @@
+SUMMARY = "IMA sample simple policy"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+# This policy file will get installed as /etc/ima/ima-policy.
+# It is located via the normal file search path, so a .bbappend
+# to this recipe can just point towards one of its own files.
+IMA_POLICY ?= "ima_policy_simple"
+
+SRC_URI = " file://${IMA_POLICY}"
+
+do_install () {
+ install -d ${D}/${sysconfdir}/ima
+ install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
+}
+
+FILES_${PN} = "${sysconfdir}/ima"
+RDEPENDS_${PN} = "ima-evm-utils"
-- cgit v1.2.3-54-g00ecf
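Review bot: The `install` call in `do_install` that writes /etc/ima/ima-policy passes no `-m`, so the policy file gets install's default mode of 0755 and ends up executable, with its permissions left to a default rather than stated. For the file that defines the IMA policy I would set the mode explicitly and drop the doubled slash: `install -m 0644 ${WORKDIR}/${IMA_POLICY} ${D}${sysconfdir}/ima/ima-policy` (a tighter mode may be possible if only root's loader reads it). Separately, the target path is fixed, so if the layer has another policy recipe installing the same file (the subject's "another sample policy" suggests it might), the two packages would collide; an `RCONFLICTS_${PN}` entry or a comment saying so would help.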