[meta-security,7/8] Revert "ima: Fix the ima_policy_appraise_all to appraise executables & libraries"

Message ID 20230509185631.3182570-7-jose.quaresma@foundries.io
State New
Series [meta-security,1/8] Revert "ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch"

Commit Message

Jose Quaresma May 9, 2023, 6:56 p.m. UTC
This reverts commit cb8f26d82a35ba56f3bd40cd6ba105de03602a4b.

The full patchset is overriding the do_configure task and also added a kernel patch
on meta-integrity/recipes-kernel/linux/linux_ima.inc and this file is included
in every recipe that follows the pattern starting by linux- (recipes-kernel/linux/linux-%.bbappend).
So the patch fails in some recipes and also do_configure task doesn't make sense.
This breaks many recipes like linux-firmware and maybe others.

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
 .../files/ima_policy_appraise_all                        | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

Patch

diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
index 3498025..36e71a7 100644
--- a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
+++ b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
@@ -25,12 +25,5 @@  dont_appraise fsmagic=0xf97cff8c
 dont_appraise fsmagic=0x6e736673
 # EFIVARFS_MAGIC
 dont_appraise fsmagic=0xde5e81e4
-# Cgroup
-dont_appraise fsmagic=0x27e0eb
-# Cgroup2
-dont_appraise fsmagic=0x63677270
 
-# Appraise libraries
-appraise func=MMAP_CHECK mask=MAY_EXEC
-# Appraise executables
-appraise func=BPRM_CHECK
+appraise
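
Review bot: the restored `+appraise` line at the end of this hunk carries no func= or mask= condition, so it acts as a catch-all for anything the preceding dont_appraise rules do not exclude, yet the same hunk also drops the Cgroup (`fsmagic=0x27e0eb`) and Cgroup2 (`fsmagic=0x63677270`) exclusions. The commit message justifies the revert by the do_configure override and the kernel patch in linux_ima.inc, neither of which touches this policy file, so it does not say why the cgroup exclusions should go. Consider keeping the two cgroup dont_appraise lines above the catch-all rule, or explain in the commit message why files on those filesystems can safely fall under `appraise`. A one-line comment above `appraise`, matching the style of the other rules, would also make the intent of the final rule clear.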