Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/Makefile.am | 4 | ||||
-rw-r--r-- | plugins/ima.c | 51 |
2 files changed, 55 insertions, 0 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 53b24500a..5ddc174bf 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -31,3 +31,7 @@ endif
 syslog_la_SOURCES = syslog.c
 syslog_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
 plugins_LTLIBRARIES += syslog.la
+
+ima_la_sources = ima.c
+ima_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
+plugins_LTLIBRARIES += ima.la
diff --git a/plugins/ima.c b/plugins/ima.c
new file mode 100644
index 000000000..ccd59a412
--- /dev/null
+++ b/plugins/ima.c
@@ -0,0 +1,51 @@
+#include <sys/xattr.h>
+
+#include <rpm/rpmfi.h>
+#include <rpm/rpmte.h>
+#include <rpm/rpmfiles.h>
+#include <rpm/rpmtypes.h>
+#include <rpmio/rpmstring.h>
+
+#include "lib/rpmfs.h"
+#include "lib/rpmplugin.h"
+#include "lib/rpmte_internal.h"
+
+#define XATTR_NAME_IMA "security.ima"
+
+static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
+{
+ rpmfi fi = rpmteFI(te);
+ const char *fpath;
+ const unsigned char * fsig = NULL;
+ size_t len;
+ int rc = 0;
+
+ if (fi == NULL) {
+ rc = RPMERR_BAD_MAGIC;
+ goto exit;
+ }
+
+ while (!rc) {
+ rc = rpmfiNext(fi);
+ if (rc < 0) {
+ if (rc == RPMERR_ITER_END)
+ rc = 0;
+ break;
+ }
+
+ /* Don't install signatures for (mutable) config files */
+ if (!(rpmfiFFlags(fi) & RPMFILE_CONFIG)) {
+ fpath = rpmfiFN(fi);
+ fsig = rpmfiFSignature(fi, &len);
+ if (fsig) {
+ lsetxattr(fpath, XATTR_NAME_IMA, fsig, len, 0);
+ }
+ }
+ }
+exit:
+ return rc;
+}
+
+struct rpmPluginHooks_s ima_hooks = {
+ .psm_post = ima_psm_post,
+};
|
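Review bot: The added `ima_la_sources = ima.c` uses a lowercase suffix, while the sibling line in the same hunk is `syslog_la_SOURCES`. Automake only gives meaning to `_SOURCES`, so the new variable is an inert plain assignment, and the plugin most likely builds only because automake's default source for `ima.la` happens to be `ima.c`. It should read `ima_la_SOURCES = ima.c`. The three lines also appear to be added unconditionally, although ima.c depends on `<sys/xattr.h>` and `lsetxattr()`, so a configure-time guard for platforms without them may be worth adding.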
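Review bot: The return value of `lsetxattr()` in `ima_psm_post` is discarded, so a file whose `security.ima` signature could not be written (filesystem without xattr support, missing privilege, path not present) stays unsigned with nothing in the transaction output; on a host that enforces IMA appraisal such a file would presumably be refused later with no hint as to why. Check the call and report the failure, e.g. `if (lsetxattr(fpath, XATTR_NAME_IMA, fsig, len, 0) < 0) rpmlog(RPMLOG_WARNING, "ima: could not apply signature on '%s': %s\n", fpath, strerror(errno));`, which additionally needs `<errno.h>`, `<string.h>` and `<rpm/rpmlog.h>`. The hook also never looks at `res`, so it appears to label files even when the preceding package step failed. Finally, it hands `RPMERR_*` values (including `RPMERR_BAD_MAGIC` for a missing file iterator) back through an `rpmRC` return type, where `RPMRC_OK`/`RPMRC_FAIL` would match the declared type.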