OpenShift Bugs: OCPBUGS-26477

RHCOS does not include RHEL-signed IMA signatures


    • Bug
    • Resolution: Not a Bug
    • Undefined
    • None
    • 4.14
    • RHCOS
    • None
    • Important
    • No
    • False

      Description of problem:

      In order to be able to perform local attestation to the integrity of files on a running RHCOS system, the IMA signatures from the RPMs should be installed as part of the image build.
          

      Version-Release number of selected component (if applicable):

      RHCOS
          

      How reproducible:

      100%
          

      Steps to Reproduce:

          1. Check a running RHCOS system for IMA signatures, for example: getfattr -m ^security -e hex --dump /usr/bin/bash
          

      Actual results:

      No security.ima attributes are present
          

      Expected results:

      Each file that originated from a RHEL RPM should have a security.ima attribute, and these can prove each file originated from Red Hat and has not been altered.
          

      Additional info:

      
          

              Unassigned
              jramsay1@redhat.com Jim Ramsay
              Michael Nguyen
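
The check in the reproduction step can be scripted so that it also distinguishes a plain hash from a signature when a `security.ima` attribute is present. The following is an added example, not part of the original report or of any Red Hat tooling; the function names and the sample value are constructed for illustration, and the header layout is the Linux IMA v2 signature format (type byte, version, hash algorithm, key id, signature length).

```python
import errno
import os
import struct

# First byte of security.ima (kernel enum evm_ima_xattr_type).
XATTR_TYPES = {0x01: "digest", 0x03: "signature", 0x04: "digest-ng"}
# Kernel hash_info algorithm ids used in the signature header.
HASH_ALGOS = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}


def parse_ima_xattr(raw):
    """Classify a raw security.ima value; decode the v2 signature header."""
    if not raw:
        return {"kind": "empty"}
    kind = XATTR_TYPES.get(raw[0], "unknown(0x%02x)" % raw[0])
    info = {"kind": kind}
    if kind == "signature" and len(raw) >= 9 and raw[1] == 2:
        # version(1) hash_algo(1) keyid(4, big-endian) sig_size(2, big-endian)
        _ver, algo, keyid, size = struct.unpack(">BBIH", raw[1:9])
        info.update(hash=HASH_ALGOS.get(algo, str(algo)),
                    keyid="%08x" % keyid,
                    complete=(len(raw) - 9 == size))
    return info


def check_file(path):
    """Parse the attribute; 'missing' if unset or xattrs are unsupported."""
    try:
        return parse_ima_xattr(os.getxattr(path, "security.ima"))
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return {"kind": "missing"}
        raise


def audit(paths):
    """Map each path to its result; files without a signature are the finding."""
    return {p: check_file(p) for p in paths}


# Constructed sample value (not from a real RPM): signature header for
# sha256, key id 0x1a2b3c4d, followed by a 4-byte dummy signature.
SAMPLE = bytes([0x03, 0x02, 0x04]) + bytes.fromhex("1a2b3c4d") + b"\x00\x04" + b"\xaa" * 4

if __name__ == "__main__":
    for path, result in audit(["/usr/bin/bash"]).items():
        print(path, result)
```

A `digest` or `digest-ng` result means the kernel recorded only a local hash, which does not show where the file came from; only a `signature` entry whose key id matches a trusted key can do that.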