Message ID | 20230509185631.3182570-7-jose.quaresma@foundries.io |
---|---|
State | New |
Series | [meta-security,1/8] Revert "ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch" |
diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all index 3498025..36e71a7 100644 --- a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all +++ b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all @@ -25,12 +25,5 @@ dont_appraise fsmagic=0xf97cff8c dont_appraise fsmagic=0x6e736673 # EFIVARFS_MAGIC dont_appraise fsmagic=0xde5e81e4 -# Cgroup -dont_appraise fsmagic=0x27e0eb -# Cgroup2 -dont_appraise fsmagic=0x63677270 -# Appraise libraries -appraise func=MMAP_CHECK mask=MAY_EXEC -# Appraise executables -appraise func=BPRM_CHECK +appraise
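Review bot: the closing "+appraise" line, together with the removal of the Cgroup (fsmagic=0x27e0eb) and Cgroup2 (fsmagic=0x63677270) dont_appraise lines just above it, changes the policy's scope, and the commit message gives no reason for that. Its stated reasons concern the do_configure override and the kernel patch in linux_ima.inc, neither of which is touched in this file. With the exemptions gone and the rule no longer restricted to "func=MMAP_CHECK mask=MAY_EXEC" and "func=BPRM_CHECK", the catch-all appraise also applies to files on the cgroup and cgroup2 filesystems, which cannot carry security.ima signatures. Please either keep the two cgroup dont_appraise lines ahead of the final rule, or say in the commit message why the policy has to return to the catch-all form and how it was tested on a booted image.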
This reverts commit cb8f26d82a35ba56f3bd40cd6ba105de03602a4b.

The full patchset is overriding the do_configure task and also added a kernel patch on meta-integrity/recipes-kernel/linux/linux_ima.inc and this file is included in every recipe that follows the pattern starting by linux- (recipes-kernel/linux/linux-%.bbappend). So the patch fails in some recipes and also do_configure task doesn't make sense.

This breaks many recipes like linux-firmware and maybe others.

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
 .../files/ima_policy_appraise_all | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)