About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Documentation / ABI / testing / ima_policy




Custom Search

Based on kernel version 3.16. Page generated on 2014-08-06 21:35 EST.

1	What:		security/ima/policy
2	Date:		May 2008
3	Contact:	Mimi Zohar <zohar@us.ibm.com>
4	Description:
5			The Trusted Computing Group(TCG) runtime Integrity
6			Measurement Architecture(IMA) maintains a list of hash
7			values of executables and other sensitive system files
8			loaded into the run-time of this system.  At runtime,
9			the policy can be constrained based on LSM specific data.
10			Policies are loaded into the securityfs file ima/policy
11			by opening the file, writing the rules one at a time and
12			then closing the file.  The new policy takes effect after
13			the file ima/policy is closed.
14	
15			IMA appraisal, if configured, uses these file measurements
16			for local measurement appraisal.
17	
18			rule format: action [condition ...]
19	
20			action: measure | dont_measure | appraise | dont_appraise | audit
21			condition:= base | lsm  [option]
22				base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [uid=]
23					 [fowner]]
24				lsm:	[[subj_user=] [subj_role=] [subj_type=]
25					 [obj_user=] [obj_role=] [obj_type=]]
26				option:	[[appraise_type=]] [permit_directio]
27	
28			base: 	func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
29				mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
30				fsmagic:= hex value
31				fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
32				uid:= decimal value
33				fowner:=decimal value
34			lsm:  	are LSM specific
35			option:	appraise_type:= [imasig]
36	
37			default policy:
38				# PROC_SUPER_MAGIC
39				dont_measure fsmagic=0x9fa0
40				dont_appraise fsmagic=0x9fa0
41				# SYSFS_MAGIC
42				dont_measure fsmagic=0x62656572
43				dont_appraise fsmagic=0x62656572
44				# DEBUGFS_MAGIC
45				dont_measure fsmagic=0x64626720
46				dont_appraise fsmagic=0x64626720
47				# TMPFS_MAGIC
48				dont_measure fsmagic=0x01021994
49				dont_appraise fsmagic=0x01021994
50				# RAMFS_MAGIC
51				dont_measure fsmagic=0x858458f6
52				dont_appraise fsmagic=0x858458f6
53				# SECURITYFS_MAGIC
54				dont_measure fsmagic=0x73636673
55				dont_appraise fsmagic=0x73636673
56	
57				measure func=BPRM_CHECK
58				measure func=FILE_MMAP mask=MAY_EXEC
59				measure func=FILE_CHECK mask=MAY_READ uid=0
60				measure func=MODULE_CHECK uid=0
61				appraise fowner=0
62	
63			The default policy measures all executables in bprm_check,
64			all files mmapped executable in file_mmap, and all files
65			open for read by root in do_filp_open.  The default appraisal
66			policy appraises all files owned by root.
67	
68			Examples of LSM specific definitions:
69	
70			SELinux:
71				# SELINUX_MAGIC
72				dont_measure fsmagic=0xf97cff8c
73				dont_appraise fsmagic=0xf97cff8c
74	
75				dont_measure obj_type=var_log_t
76				dont_appraise obj_type=var_log_t
77				dont_measure obj_type=auditd_log_t
78				dont_appraise obj_type=auditd_log_t
79				measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
80				measure subj_role=system_r func=FILE_CHECK mask=MAY_READ
81	
82			Smack:
83				measure subj_user=_ func=FILE_CHECK mask=MAY_READ
Hide Line Numbers
About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.