dh/ima-evm-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add "ima_clear" command to remove IMA/EVM xattrs

Browse Source 
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
Dmitry Kasatkin 2014-10-29 21:37:24 +02:00
parent 4d7d2c71a5
commit 17f49a1881
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/evmctl.c
View File

@ -1121,6 +1121,19 @@ static int cmd_ima_fix(struct command *cmd)
return do_cmd(cmd, ima_fix);
}
static int ima_clear(const char *path)
{
log_info("%s\n", path);
lremovexattr(path, "security.ima");
lremovexattr(path, "security.evm");
return 0;
}
static int cmd_ima_clear(struct command *cmd)
{
return do_cmd(cmd, ima_clear);
}
static char *pcrs = "/sys/class/misc/tpm0/device/pcrs";
@ -1461,6 +1474,7 @@ struct command cmds[] = {
{"ima_hash", cmd_hash_ima, 0, "file", "Make file content hash.\n"},
{"ima_measurement", cmd_ima_measurement, 0, "file", "Verify measurement list (experimental).\n"},
{"ima_fix", cmd_ima_fix, 0, "[-t fdsxm] path", "Recursively fix IMA/EVM xattrs in fix mode.\n"},
{"ima_clear", cmd_ima_clear, 0, "[-t fdsxm] path", "Recursively remove IMA/EVM xattrs.\n"},
{"sign_hash", cmd_sign_hash, 0, "[--key key] [--pass password]", "Sign hashes from shaXsum output.\n"},
#ifdef DEBUG
{"hmac", cmd_hmac_evm, 0, "[--imahash | --imasig ] file", "Sign file metadata with HMAC using symmetric key (for testing purpose).\n"},