author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-03 13:54:25 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-03 13:54:25 +0000 |
commit | 9cb1c4df7b9ce1a9ad1312621b0f2b16a94fba3a (patch) | |
tree | 2efb72864cc69e174c9c5ee33efb88a5f1553b48 /modules.d/98integrity/ima-policy-load.sh | |
parent | Initial commit. (diff) | |
Adding upstream version 060+5.upstream/060+5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules.d/98integrity/ima-policy-load.sh')
-rwxr-xr-x | modules.d/98integrity/ima-policy-load.sh | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/modules.d/98integrity/ima-policy-load.sh b/modules.d/98integrity/ima-policy-load.sh
new file mode 100755
index 0000000..a1fbb4d
--- /dev/null
+++ b/modules.d/98integrity/ima-policy-load.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Licensed under the GPLv2
+#
+# Copyright (C) 2011 Politecnico di Torino, Italy
+# TORSEC group -- http://security.polito.it
+# Roberto Sassu <roberto.sassu@polito.it>
+
+IMASECDIR="${SECURITYFSDIR}/ima"
+IMACONFIG="${NEWROOT}/etc/sysconfig/ima"
+IMAPOLICY="/etc/sysconfig/ima-policy"
+
+load_ima_policy() {
+ # check kernel support for IMA
+ if [ ! -e "${IMASECDIR}" ]; then
+ if [ "${RD_DEBUG}" = "yes" ]; then
+ info "integrity: IMA kernel support is disabled"
+ fi
+ return 0
+ fi
+
+ # override the default configuration
+ # shellcheck disable=SC1090
+ [ -f "${IMACONFIG}" ] \
+ && . "${IMACONFIG}"
+
+ # set the IMA policy path name
+ IMAPOLICYPATH="${NEWROOT}${IMAPOLICY}"
+
+ # check the existence of the IMA policy file
+ [ -f "${IMAPOLICYPATH}" ] && {
+ info "Loading the provided IMA custom policy"
+ printf '%s' "${IMAPOLICYPATH}" > "${IMASECDIR}"/policy \
+ || cat "${IMAPOLICYPATH}" > "${IMASECDIR}"/policy
+ }
+
+ return 0
+}
+
+load_ima_policy |
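Review bot: A failed policy load is silent in `load_ima_policy`: if both the `printf` of the path and the `cat` fallback fail to write `"${IMASECDIR}"/policy`, the group's status is discarded and the function still reaches `return 0`, so boot continues without the custom policy and the only log line is the "Loading the provided IMA custom policy" info message. Appending a diagnostic to the fallback chain, for example `|| warn "integrity: failed to load IMA policy ${IMAPOLICYPATH}"` after the `cat` line (assuming dracut's `warn` helper is available here the way `info` is), would let operators detect a system that came up unprotected. Separately, `. "${IMACONFIG}"` executes a file taken from `${NEWROOT}` as shell inside the initramfs before any IMA policy is in force, and that file can redefine `IMAPOLICY`. A comment above the sourcing line stating that the root filesystem's `/etc/sysconfig/ima` is trusted at this point would make the assumption explicit for anyone relying on this module in a measured or appraised boot chain.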