path: root/plugins/ima.c
Commit message | Author | Age | Files | Lines

* Use proper addressing for our public headers everywhere | Panu Matilainen | 2022-03-10 | 1 | -2/+2
* ima: Install on filesystems without xattr support without failing | Darren Kenny | 2022-02-23 | 1 | -2/+6

If an RPM contains IMA signed digests and rpm-plugin-ima is installed, then any attempt to install to a filesystem that doesn't support extended attributes will cause the RPM installation to fail. This can be seen, for example, if installing a file to /boot, which is usually a vFAT filesystem.

The rpm-plugin for selinux fixed this some time back, and that same logic can be applied to IMA too - where, if a failure to set an extended attribute results in an errno that is set to EOPNOTSUPP, then this should not cause a complete failure, but should instead just be logged at a debug level.

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
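The error classification described in the commit above, written out as an added example (this is not rpm's plugins/ima.c). The setter is injected through a hypothetical `xattr_setter` type so the EOPNOTSUPP-is-not-fatal rule can be exercised offline against constructed fakes; the real lsetxattr() has the same signature and is used when a path is given.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>   /* lsetxattr(), the real setter wired in main() */

/* Hypothetical injection point: any function with lsetxattr(2)'s signature. */
typedef int (*xattr_setter)(const char *path, const char *name,
                            const void *value, size_t size, int flags);

enum ima_xattr_result { IMA_XATTR_OK = 0, IMA_XATTR_SKIPPED = 1, IMA_XATTR_FAILED = -1 };

/*
 * Write an IMA signature into the security.ima xattr of `path`.
 * EOPNOTSUPP means the filesystem cannot hold xattrs at all (e.g. a vFAT
 * /boot); as in the commit above that is logged at debug level and the
 * install continues with the file unsigned. Every other errno stays fatal,
 * so a real failure to label a file is never silently swallowed.
 */
static enum ima_xattr_result
ima_set_signature(xattr_setter setter, const char *path,
                  const unsigned char *sig, size_t siglen)
{
    if (setter(path, "security.ima", sig, siglen, 0) == 0)
        return IMA_XATTR_OK;
    if (errno == EOPNOTSUPP) {
        fprintf(stderr, "debug: %s: no xattr support, skipping IMA signature\n", path);
        return IMA_XATTR_SKIPPED;
    }
    fprintf(stderr, "error: lsetxattr(%s, security.ima): %s\n", path, strerror(errno));
    return IMA_XATTR_FAILED;
}

/* Constructed fakes standing in for specific filesystem answers. */
static int fake_vfat(const char *p, const char *n, const void *v, size_t s, int f)
{ (void)p; (void)n; (void)v; (void)s; (void)f; errno = EOPNOTSUPP; return -1; }
static int fake_eperm(const char *p, const char *n, const void *v, size_t s, int f)
{ (void)p; (void)n; (void)v; (void)s; (void)f; errno = EPERM; return -1; }

int main(int argc, char **argv)
{
    static const unsigned char sig[] = { 0x03, 0x02, 0x01 }; /* constructed bytes */
    /* With a path argument, call the real lsetxattr() (writing security.*
     * needs CAP_SYS_ADMIN); otherwise exercise the policy against the fakes. */
    if (argc > 1)
        return ima_set_signature(lsetxattr, argv[1], sig, sizeof sig) == IMA_XATTR_FAILED;
    return ima_set_signature(fake_vfat, "/boot/vmlinuz", sig, sizeof sig) != IMA_XATTR_SKIPPED
        || ima_set_signature(fake_eperm, "/usr/bin/true", sig, sizeof sig) != IMA_XATTR_FAILED;
}
```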
* Pass file descriptor to file prepare plugin hook, use when possible | Panu Matilainen | 2022-02-16 | 1 | -2/+7

Sadly the thing that allegedly makes things better mostly just makes things more complicated as symlinks can't be opened, so we'll now have to deal with both cases in plugins too. To make matters worse, most APIs out there support either an fd or a path, but very few support the *at() style dirfd + basename approach so plugins are stuck with absolute paths for now. This is of course a plugin API/ABI change too.
* ima: Also apply signatures to config files | Stefan Berger | 2018-02-12 | 1 | -3/+17

Even though config files may be close to what could be described as 'mutable files', we now want to give the user control over the installation of signatures on these files as well. We enable this through a variable in the macro file. For this, we should be aware that the signatures of these files may become incorrect or missing once RPM post installation scripts or other programs have modified these configuration files.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
* Include system.h in ima and syslog plugins | Gleb Fotengauer-Malinovskiy | 2017-03-24 | 1 | -0/+2

Currently, there is no harm if config.h is not included in these files because they are not sensitive to macros defined in config.h, but any code added later or any plugin created using these plugins as examples might be affected by these macros and therefore has to include config.h. An example of a bug when this header is not included properly can be seen in the previous commit.

Signed-off-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
* ima-plugin: Move the IMA plugin to the fsm_file_prepare hook | Stefan Berger | 2016-10-10 | 1 | -20/+26

Since newly installed files may be invoked by post install scriptlets, we need to have them signed before the scriptlets are executed. Therefore, we now move the IMA plugin to the fsm_file_prepare hook. This way we can also correctly handle skipped files without silencing away any errors from lsetxattr().

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
* ima-plugin: Have executable configuration files signed | Stefan Berger | 2016-10-10 | 1 | -7/+12

Some configuration files are executables and so they require the signature in the extended attribute. If they are not executable, they can be skipped. Examples of configuration files that are also executables are the grub files in /etc/grub.d.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
* Fix handling of zero-length file digests | Stefan Berger | 2016-04-29 | 1 | -1/+24

Do not try to convert a zero-length file digest to a binary representation. Zero-length file digests may stem from directory entries and symbolic links. Return an empty signature in this case. Returning an empty signature results in the ima.so plugin getting a sequence of zeroes that it would write into security.ima xattr. Check for a signature header consisting of only zeroes and do not write it into the filesystem.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
* Fix file signatures not installing | Fionnuala Gunter | 2015-09-01 | 1 | -8/+1

Only the first file signature was getting installed. rpmfiNext returns the next file iterator index and -1 on termination. Now the loop correctly terminates only when the rpmfiNext return value is negative.
* IMA plugin labels ima xattr with file signatures | fin@linux.vnet.ibm.com | 2015-08-12 | 1 | -0/+51

This plugin extracts file signatures from rpmfiles and writes them to security.ima xattr. Only non-config file signatures are installed.

Changelog:
- use rpmfi instead of rpmfiles
- use rpmfiFN instead of fsmFsPath

Signed-off-by: Lubos Kardos <lkardos@redhat.com>