integrity: enable policy rule for restricting hash algo

Bruno Meneguele requested to merge bmeneg/centos-stream-9:ima-algo-policy into main

Bugzilla: https://bugzilla.redhat.com/2063913
Tested: locally adding the new policy rule option manually at runtime to
/sys/kernel/security/integrity/ima/policy, hashing a random file and
checking the audit log. See BZ for more details.

Allow the user to specify which hash algorithms are viable for file
measurement and appraisal. The effort of removing weak algorithms from CS9
can benefit from this feature by installing a specific system policy with
the allowed hash algorithms.

Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
