authorArmin Kuster <akuster808@gmail.com>2019-05-25 23:04:32 -0700
committerArmin Kuster <akuster808@gmail.com>2019-05-28 07:38:52 -0700
commit1293478068e6a1b5f53d160fc7f4e06bd8c27039 (patch)
treea1970071ea4a8c419a9404d4ec0aadad2514cb0b
parentc84f39f8e09aabb479f7157765c3e3085c1e1109 (diff)
ima_policy_simple: add another sample policy
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple4
-rw-r--r--meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb18
2 files changed, 22 insertions, 0 deletions
diff --git a/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
new file mode 100644
index 0000000..38ca8f5
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
@@ -0,0 +1,4 @@
+# Very simple policy demonstrating the systemd policy loading bug
+# (policy with one line works, two lines don't).
+dont_appraise fsmagic=0x9fa0
+dont_appraise fsmagic=0x62656572
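Review bot: The policy file holds only two `dont_appraise` exemptions and no `appraise` or `measure` rule, so an image that ships it as /etc/ima/ima-policy would have IMA enforce nothing, assuming the loaded policy replaces the built-in rules as is usual for IMA. The header comment should say that this is a reproducer for the systemd loading bug and not a policy for production images, for example `# Test reproducer only: exempts procfs and sysfs, appraises nothing.` The two magic numbers are also unexplained; a line such as `# 0x9fa0 = PROC_SUPER_MAGIC, 0x62656572 = SYSFS_MAGIC` would let a reader verify what is being exempted.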
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
new file mode 100644
index 0000000..17132aa
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -0,0 +1,18 @@
+SUMMARY = "IMA sample simple policy"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+# This policy file will get installed as /etc/ima/ima-policy.
+# It is located via the normal file search path, so a .bbappend
+# to this recipe can just point towards one of its own files.
+IMA_POLICY ?= "ima_policy_simple"
+
+SRC_URI = " file://${IMA_POLICY}"
+
+do_install () {
+ install -d ${D}/${sysconfdir}/ima
+ install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
+}
+
+FILES_${PN} = "${sysconfdir}/ima"
+RDEPENDS_${PN} = "ima-evm-utils"
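Review bot: The second `install` call in do_install passes no `-m`, so the policy file gets install's default mode 0755 and ends up executable. A policy file should be installed non-executable with an explicit mode, `install -m 0644 ${WORKDIR}/${IMA_POLICY} ${D}${sysconfdir}/ima/ima-policy`. Both install lines also write `${D}/${sysconfdir}`, which produces a double slash because sysconfdir is already absolute; `${D}${sysconfdir}` is the usual form. Since IMA_POLICY can be overridden from a .bbappend, the comment above it could add that whatever file is selected becomes the image's IMA policy and should be reviewed as such.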