Hi, everyone
I built the secure boot IMA-EVM images with flex-builder. (I did not load the images in target yet.)
Do the all files in rootfs contain "security.ima" and "security.evm" attributes?
How can I select the files to adopt "IMA-EVM" and the files not to adopt "IMA-EVM"?
For example, I wish "/etc/network/interfaces" file not to use the authentication method,
because I want to modify the contents of the file in run time.
Thanks in advance.
JeongHwan Kim
Solved! Go to Solution.
LSDK uses default IMA apprise policy which appraises all files owned by root.
Using a custom IMA policy allows more fine-grained control. Refer to IMA
Wiki and IMA appraisal policy documentation for more details:
https://sourceforge.net/p/linux-ima/wiki/Home/#understanding-the-ima-appraisal-policy
Hope this helps,
Platon
LSDK uses default IMA apprise policy which appraises all files owned by root.
Using a custom IMA policy allows more fine-grained control. Refer to IMA
Wiki and IMA appraisal policy documentation for more details:
https://sourceforge.net/p/linux-ima/wiki/Home/#understanding-the-ima-appraisal-policy
Hope this helps,
Platon