Add IMA support by reading hashes from file attributes.
- Read hash from extended attributes
- Display result in trust admin GUI
- Document in user guide
From the fapolicyd docs:

> The second mode is based on using IMA to calculate sha256 hashes and make them
> available through extended attributes. This incurs only the overhead of calling
> fgetxattr which is fast since there is no path name resolution. The file system
> must support i_version. For XFS, this is enabled by default. For other file
> systems, this means you need to add the i_version mount option. In either
> case, IMA must be set up appropriately.
Taken in context, this is an additive check for us. We currently check both file size and hash, which are independent integrity modes for fapolicyd, so this would be an additional concurrent check alongside those.
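A sketch of the attribute read described above, added here as an example and not taken from fapolicyd or from this project. It assumes the Linux kernel's `security.ima` digest layout (one type byte, one hash-algorithm byte, then the raw digest); the function names and the sample data are hypothetical.

```python
import hashlib
import os

IMA_XATTR = "security.ima"
IMA_XATTR_DIGEST_NG = 0x04   # kernel enum evm_ima_xattr_type: typed digest
HASH_ALGO_SHA256 = 0x04      # kernel enum hash_algo
SHA256_LEN = 32


def parse_ima_sha256(raw):
    """Return the hex sha256 carried in a security.ima value, or None.

    None covers every value that does not hold a plain sha256 digest:
    empty, a signature or legacy digest type, another algorithm, or a
    digest of the wrong length.
    """
    if len(raw) != 2 + SHA256_LEN:
        return None
    if raw[0] != IMA_XATTR_DIGEST_NG or raw[1] != HASH_ALGO_SHA256:
        return None
    return raw[2:].hex()


def read_ima_sha256(fd):
    """Read the attribute from an open descriptor (fgetxattr, no path lookup)."""
    try:
        return parse_ima_sha256(os.getxattr(fd, IMA_XATTR))
    except OSError:  # attribute absent, or file system without xattr support
        return None


def ima_matches_trust(trusted_sha256, ima_sha256):
    """Additive check: a missing IMA hash is reported as unknown (None),
    never as a match, so it cannot mask a size or hash mismatch."""
    if ima_sha256 is None:
        return None
    return ima_sha256 == trusted_sha256.lower()


# Constructed sample: the value IMA would store for this file content.
SAMPLE_CONTENT = b"#!/bin/sh\necho hello\n"
SAMPLE_XATTR = (bytes([IMA_XATTR_DIGEST_NG, HASH_ALGO_SHA256])
                + hashlib.sha256(SAMPLE_CONTENT).digest())
```

Returning `None` for an absent or unusable attribute lets the GUI show IMA as "not available" for that entry while the existing size and hash checks still decide trust.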