From 55f5efce4b22900a52290da8fbd1765f696b4c9f Mon Sep 17 00:00:00 2001
From: Andrey Smirnov
Date: Thu, 1 Dec 2022 18:29:33 +0400
Subject: [PATCH] fix: ignore many more filesystems in IMA
Fixes #6553
Talos itself defaults to XFS, so IMA measurements weren't done for Talos own filesystems. But many other solutions create by default ext4 filesystems, or it might be something mounted by other means.
Signed-off-by: Andrey Smirnov
---
 .../v1alpha1/v1alpha1_sequencer_tasks.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
index 43e77eb51ce..49f1b5dfad8 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
@@ -338,10 +338,25 @@ var rules = []string{
 "dont_measure fsmagic=0x43415d53", // SMACK_MAGIC
 "dont_measure fsmagic=0x27e0eb", // CGROUP_SUPER_MAGIC
 "dont_measure fsmagic=0x63677270", // CGROUP2_SUPER_MAGIC
- "dont_measure fsmagic=0x6e736673", // NSFS_MAGIC
+ "dont_measure fsmagic=0x6e736673", // NFS_MAGIC
 "dont_measure fsmagic=0xde5e81e4", // EFIVARFS_MAGIC
 "dont_measure fsmagic=0x58465342", // XFS_MAGIC
 "dont_measure fsmagic=0x794c7630", // OVERLAYFS_SUPER_MAGIC
+ "dont_measure fsmagic=0x858458f6", // BTRFS_SUPER_MAGIC
+ "dont_measure fsmagic=0x3153464a", // JFFS2_SUPER_MAGIC
+ "dont_measure fsmagic=0x6d736673", // MSDOS_SUPER_MAGIC
+ "dont_measure fsmagic=0x24051905", // NFS_SUPER_MAGIC
+ "dont_measure fsmagic=0x5346544e", // NTFS_SB_MAGIC
+ "dont_measure fsmagic=0x3434", // ISOFS_SUPER_MAGIC
+ "dont_measure fsmagic=0x1373", // UDF_SUPER_MAGIC
+ "dont_measure fsmagic=0x00011954", // UFS_MAGIC
+ "dont_measure fsmagic=0x52654973", // REISERFS_SUPER_MAGIC
+ "dont_measure fsmagic=0x137d", // EXT_SUPER_MAGIC
+ "dont_measure fsmagic=0xef51", // EXT2_OLD_SUPER_MAGIC
+ "dont_measure fsmagic=0xef53", // EXT2_SUPER_MAGIC
+ "dont_measure fsmagic=0xef53", // EXT3_SUPER_MAGIC
+ "dont_measure fsmagic=0xef53", // EXT4_SUPER_MAGIC
+ "dont_measure fsmagic=0x00c36400", // CEPH_SUPER_MAGIC
 "measure func=MMAP_CHECK mask=MAY_EXEC",
 "measure func=BPRM_CHECK mask=MAY_EXEC",
 "measure func=FILE_CHECK mask=^MAY_READ euid=0",
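Review bot: Several comments on the added `dont_measure` lines do not match the magic values beside them, starting with the relabel of `0x6e736673` to `NFS_MAGIC`: those bytes spell "nsfs" in ASCII, so the removed comment was the correct one and the line should stay `"dont_measure fsmagic=0x6e736673", // NSFS_MAGIC`. As far as I recall from `linux/magic.h`, `0x858458f6` is RAMFS_MAGIC rather than BTRFS_SUPER_MAGIC, `0x24051905` is UBIFS_SUPER_MAGIC rather than NFS_SUPER_MAGIC, and `0x3434` is NILFS_SUPER_MAGIC rather than ISOFS_SUPER_MAGIC, so every new constant should be checked against that header before merging. This affects the policy and not only the comments: a filesystem whose real magic is missing is still measured, while one excluded under a wrong label silently drops out of the IMA measurement list that attestation relies on. The three identical `0xef53` rules can be a single line commented `// EXT2/EXT3/EXT4_SUPER_MAGIC`. The `rules` slice begins and ends outside this hunk, so exclusions declared earlier in it are not visible here.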