ima: Fix the ima_policy_appraise_all to appraise executables & libraries

Fix the ima_policy_appraise_all policy to appraise all executables and libraries. Also update the list of files that are not appraised to not appraise cgroup related files. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Stefan Berger <stefanb@linux.ibm.com> 2023-04-28 08:23:10 -0400
committer: Armin Kuster <akuster808@gmail.com> 2023-05-06 07:54:09 -0400
commit: cb8f26d82a35ba56f3bd40cd6ba105de03602a4b (patch)
tree: c348b63ea9b558e3baf94177c1a58829248e0450
parent: 0652c9fd7496d021f91759cc7489b6faad3e04bd (diff)
download: meta-security-cb8f26d82a35ba56f3bd40cd6ba105de03602a4b.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
index 36e71a7..3498025 100644
--- a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
+++ b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
@@ -25,5 +25,12 @@ dont_appraise fsmagic=0xf97cff8c
 dont_appraise fsmagic=0x6e736673
 # EFIVARFS_MAGIC
 dont_appraise fsmagic=0xde5e81e4
+# Cgroup
+dont_appraise fsmagic=0x27e0eb
+# Cgroup2
+dont_appraise fsmagic=0x63677270
-appraise
+# Appraise libraries
+appraise func=MMAP_CHECK mask=MAY_EXEC
+# Appraise executables
+appraise func=BPRM_CHECK
author	Stefan Berger <stefanb@linux.ibm.com>	2023-04-28 08:23:10 -0400
committer	Armin Kuster <akuster808@gmail.com>	2023-05-06 07:54:09 -0400
commit	cb8f26d82a35ba56f3bd40cd6ba105de03602a4b (patch)
tree	c348b63ea9b558e3baf94177c1a58829248e0450
parent	0652c9fd7496d021f91759cc7489b6faad3e04bd (diff)
download	meta-security-cb8f26d82a35ba56f3bd40cd6ba105de03602a4b.tar.gz

diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all index 36e71a7..3498025 100644 --- a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all +++ b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
@@ -25,5 +25,12 @@ dont_appraise fsmagic=0xf97cff8c
25	dont_appraise fsmagic=0x6e736673	25	dont_appraise fsmagic=0x6e736673
26	# EFIVARFS_MAGIC	26	# EFIVARFS_MAGIC
27	dont_appraise fsmagic=0xde5e81e4	27	dont_appraise fsmagic=0xde5e81e4
		28	# Cgroup
		29	dont_appraise fsmagic=0x27e0eb
		30	# Cgroup2
		31	dont_appraise fsmagic=0x63677270
28		32
29	appraise	33	# Appraise libraries
		34	appraise func=MMAP_CHECK mask=MAY_EXEC
		35	# Appraise executables
		36	appraise func=BPRM_CHECK