dist/fedora.initrd.ima

   1 #!/bin/bash
   2 #
   3 # Init file for the IMA
   4 #
   5 # chkconfig: - 00 93
   6 # description: IMA
   7 #
   8 # config: /etc/measure.selinux
   9
  10
  11 msg_prefix="IMA: "
  12 echo "parm = $1"
  13 case "$1" in
  14    *start)
  15         ;;
  16    *stop)
  17         ;;
  18    *)
  19         echo $"Usage: $0 {start | stop}"
  20         exit 1
  21         ;;
  22 esac
  23
  24 if [ "$1" = "start" ] ; then
  25         echo $"Starting $msg_prefix "
  26
  27         # securityfs must be enabled and mounted
  28         SECURITYFS=`mount | grep securityfs`
  29         if [ $? == 1 ]; then
  30                 SECURITYFS=/sys/kernel/security
  31                 `mount -t securityfs securityfs $SECURITYFS`
  32                 if [ $? == 1 ]; then
  33                         echo "$msg_prefix Cannot execute test as "
  34                               "securityfs not enabled in kernel"
  35                         exit 1
  36                 fi
  37         fi
  38         echo 'securityfs: ' $SECURITYFS
  39         SECURITYFS=`echo $SECURITYFS |  sed 's/securityfs on //' | sed 's/ type .*//'`
  40         IMA_POLICY=$SECURITYFS/ima/policy
  41         echo 'IMA_POLICY:'  $IMA_POLICY
  42
  43         # LSM specific policy
  44         LSM_POLICY=/etc/measure.selinux
  45         #LSM_POLICY=/etc/measure.smack
  46
  47         if [ ! -f $LSM_POLICY ]; then
  48                 echo "LSM specific policy does not exist"
  49                 exit 1
  50         fi
  51
  52         if [ ! -f $IMA_POLICY ]; then
  53                 echo "$msg_prefix security/ima/policy does not exist"
  54                 exit 1
  55         fi
  56
  57         exec 4>$IMA_POLICY
  58         if [ $? != 0 ]; then
  59                 echo "$msg_prefix open failed: security/ima/policy"
  60                 exit 1
  61         else
  62                 cat $LSM_POLICY | while read line ; do
  63                         if [ "${line:0:1}" != "#" ] ; then
  64                                 echo $line
  65                                 echo $line >&4
  66                         fi
  67                 done
  68                 echo "$msg_prefix security/ima/policy updated"
  69         fi
  70 fi
  71
  72 if [ "$1" = "stop" ] ; then
  73         echo 'stop'
  74         `umount securityfs`
  75 fi
  76 echo 'exiting'
  77 exit 0
  78