3 # Init file for the IMA
8 # config: /etc/measure.selinux
19 echo $"Usage: $0 {start | stop}"
24 if [ "$1" = "start" ] ; then
25 echo $"Starting $msg_prefix "
27 # securityfs must be enabled and mounted
28 SECURITYFS=`mount | grep securityfs`
30 SECURITYFS=/sys/kernel/security
31 `mount -t securityfs securityfs $SECURITYFS`
33 echo "$msg_prefix Cannot execute test as "
34 "securityfs not enabled in kernel"
38 echo 'securityfs: ' $SECURITYFS
39 SECURITYFS=`echo $SECURITYFS | sed 's/securityfs on //' | sed 's/ type .*//'`
40 IMA_POLICY=$SECURITYFS/ima/policy
41 echo 'IMA_POLICY:' $IMA_POLICY
44 LSM_POLICY=/etc/measure.selinux
45 #LSM_POLICY=/etc/measure.smack
47 if [ ! -f $LSM_POLICY ]; then
48 echo "LSM specific policy does not exist"
52 if [ ! -f $IMA_POLICY ]; then
53 echo "$msg_prefix security/ima/policy does not exist"
59 echo "$msg_prefix open failed: security/ima/policy"
62 cat $LSM_POLICY | while read line ; do
63 if [ "${line:0:1}" != "#" ] ; then
68 echo "$msg_prefix security/ima/policy updated"
72 if [ "$1" = "stop" ] ; then