| # |
| # Integrity measure policy (http://sourceforge.net/p/linux-ima/wiki/Home/#measure-nothing-appraise-everything) |
| # |
| # Do not measure anything, but appraise everything |
| # |
| # PROC_SUPER_MAGIC |
| dont_appraise fsmagic=0x9fa0 |
| # SYSFS_MAGIC |
| dont_appraise fsmagic=0x62656572 |
| # DEBUGFS_MAGIC |
| dont_appraise fsmagic=0x64626720 |
| # TMPFS_MAGIC |
| dont_appraise fsmagic=0x01021994 |
| # RAMFS_MAGIC |
| dont_appraise fsmagic=0x858458f6 |
| # DEVPTS_SUPER_MAGIC |
| dont_appraise fsmagic=0x1cd1 |
| # BIFMT |
| dont_appraise fsmagic=0x42494e4d |
| # SECURITYFS_MAGIC |
| dont_appraise fsmagic=0x73636673 |
| # SELINUXFS_MAGIC |
| dont_appraise fsmagic=0xf97cff8c |
| # NSFS_MAGIC (introduced in 3.19, see cd025f7 and e149ed2 in the upstream Linux kernel) |
| dont_appraise fsmagic=0x6e736673 |
| # EFIVARFS_MAGIC |
| dont_appraise fsmagic=0xde5e81e4 |
| # Cgroup |
| dont_appraise fsmagic=0x27e0eb |
| # Cgroup2 |
| dont_appraise fsmagic=0x63677270 |
| |
| # Appraise libraries |
| appraise func=MMAP_CHECK mask=MAY_EXEC |
| # Appraise executables |
| appraise func=BPRM_CHECK |