* How to better control IMA module?
@ 2021-07-02 23:41 Xiaolong Wang
From: Xiaolong Wang @ 2021-07-02 23:41 UTC
To: kernelnewbies
Hi all,
I have a question regarding the kernel IMA module. I’ve enabled IMA on one of my Linux servers with `ima=on ima_policy=tcb`, and everything seems to be working fine. The only issue is that after about a week the `/sys/kernel/security/ima/ascii_runtime_measurements` grows out of control. As of now I have about 80K items in the file. I also have a customized attestation application that compares the runtime measurements with a list of known “good” measurements. This size of runtime measurements makes it take substantially long to run the attestation application.
Is there a way to limit the size of the `/sys/kernel/security/ima/ascii_runtime_measurements` (not ideal, since some important info might get lost)?
Is there a way to clean the items in `/sys/kernel/security/ima/ascii_runtime_measurements` (also not ideal, for the same reason as above)?
Is there a way to control which files the kernel measures (e.g., I found a lot of /tmp files are measured which are not necessary)?
Will the kernel run out of memory?
Any suggestions will be deeply appreciated!
Thank you
-Daniel
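
Added example, not part of the original message or of the poster's attestation application: a Python sketch that parses measurement entries, counts them per top-level directory (to see how much of the list comes from paths such as /tmp), and checks each entry against a known-good set. It assumes the `ima-ng` template layout (`PCR template-hash template-name algo:file-hash path`); the sample lines, shortened hashes and `KNOWN_GOOD` list are constructed.

```python
from collections import Counter

# Constructed sample (hashes shortened); assumed ima-ng field layout:
# PCR  template-hash  template-name  algo:file-hash  path
SAMPLE = """\
10 0a01 ima-ng sha256:aa01 boot_aggregate
10 0a02 ima-ng sha256:aa02 /usr/bin/bash
10 0a03 ima-ng sha256:aa03 /usr/lib/libc.so.6
10 0a04 ima-ng sha256:aa04 /tmp/build 1/conftest
10 0a05 ima-ng sha256:aa05 /tmp/tmpk3x9
10 0a06 ima-ng sha256:ff99 /usr/bin/ssh
"""

# Hypothetical known-good list: (path, digest) pairs held in a set,
# so each lookup is constant-time regardless of list size.
KNOWN_GOOD = {
    ("/usr/bin/bash", "sha256:aa02"),
    ("/usr/lib/libc.so.6", "sha256:aa03"),
    ("/usr/bin/ssh", "sha256:aa06"),
}

def parse(lines):
    """Yield (path, digest) for each well-formed measurement entry."""
    for line in lines:
        parts = line.rstrip("\n").split(" ", 4)  # path may contain spaces
        if len(parts) == 5:
            yield parts[4], parts[3]

def summarize(lines, known_good):
    """Count entries per top-level directory and collect unknown ones."""
    per_dir, unknown = Counter(), []
    for path, digest in parse(lines):
        top = "/" + path.split("/")[1] if path.startswith("/") else path
        per_dir[top] += 1
        if path == "boot_aggregate":
            continue  # not a file; assumption: checked separately
        if (path, digest) not in known_good:
            unknown.append((path, digest))
    return per_dir, unknown

if __name__ == "__main__":
    # On a live system, pass the open measurement file instead of SAMPLE.
    per_dir, unknown = summarize(SAMPLE.splitlines(), KNOWN_GOOD)
    print(per_dir.most_common())
    print(unknown)
```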