ima-policy: enable policy check

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-07-04 17:21:48 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-07-04 17:21:48 +0800
commit: a9e266c4810d46b0f844b326c74541982fe921f1 (patch)
tree: 5896d8c8f6292ce8294342796c2bc567598ac7b8
parent: b736677f3f3907be3231c85b1c94f7730bdba0cf (diff)
download: meta-secure-core-a9e266c4810d46b0f844b326c74541982fe921f1.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-integrity/recipes-support/ima-policy/files/ima_policy.default b/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
index 5d4ae47..d81c5b1 100644
--- a/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
+++ b/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
@@ -22,3 +22,6 @@ appraise func=BPRM_CHECK euid=0 appraise_type=imasig
 appraise func=MODULE_CHECK euid=0 appraise_type=imasig
 appraise func=FIRMWARE_CHECK euid=0 appraise_type=imasig
+# Enforce the coming policy write to be verified by IMA appraisal
+appraise func=POLICY_CHECK euid=0 appraise_type=imasig
author	Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:21:48 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:21:48 +0800
commit	a9e266c4810d46b0f844b326c74541982fe921f1 (patch)
tree	5896d8c8f6292ce8294342796c2bc567598ac7b8
parent	b736677f3f3907be3231c85b1c94f7730bdba0cf (diff)
download	meta-secure-core-a9e266c4810d46b0f844b326c74541982fe921f1.tar.gz

diff --git a/meta-integrity/recipes-support/ima-policy/files/ima_policy.default b/meta-integrity/recipes-support/ima-policy/files/ima_policy.default index 5d4ae47..d81c5b1 100644 --- a/meta-integrity/recipes-support/ima-policy/files/ima_policy.default +++ b/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
@@ -22,3 +22,6 @@ appraise func=BPRM_CHECK euid=0 appraise_type=imasig
22	appraise func=MODULE_CHECK euid=0 appraise_type=imasig	22	appraise func=MODULE_CHECK euid=0 appraise_type=imasig
23		23
24	appraise func=FIRMWARE_CHECK euid=0 appraise_type=imasig	24	appraise func=FIRMWARE_CHECK euid=0 appraise_type=imasig
		25
		26	# Enforce the coming policy write to be verified by IMA appraisal
		27	appraise func=POLICY_CHECK euid=0 appraise_type=imasig