Menu
▾
▴
Re: [Linux-ima-user] [systemd-devel] [PATCH 2/2] main: added support for loading IMA custom policies
|
From: Roberto S. <rob...@po...> - 2012-02-15 17:14:48
|
On 02/15/2012 05:55 PM, Gustavo Sverzut Barbieri wrote: > On Wed, Feb 15, 2012 at 2:26 PM, Roberto Sassu<rob...@po...> wrote: >> >> On 02/15/2012 03:30 PM, Gustavo Sverzut Barbieri wrote: >>> >>> On Wed, Feb 15, 2012 at 11:23 AM, Roberto Sassu<rob...@po...> wrote: >>>> >>>> The new function ima_setup() loads an IMA custom policy from a file in the >>>> default location '/etc/sysconfig/ima-policy', if present, and writes it to >>> >>> >>> isn't /etc/sysconfig too specific to Fedora? >>> >> >> Hi Gustavo >> >> probably yes. I see the code in 'src/locale-setup.c' where the >> the configuration directory depends on the target distribution. >> I can implement something like that in my patch. > > Can't IMA be changed? Lennart seems to be pushing for distribution > independent location files. If you can get IMA people to agree on > something, just use this one instead. > > People that use IMA with systemd must use this location. Eventually > this will happen with every configuration file we support. > The location of the policy file is not IMA dependent. I chose that because it seemed to me the right place where to put this file. So, i can easily modify the location to be distribution independent but i don't known which directory would be appropriate. Any proposal? Regards Roberto Sassu > >>> Also, I certainly have no such things in my system and see no point in >>> calling ima_setup() on it. Or even compiling the source file in such >>> case. >>> >> >> Ok. I can enclose the code in ima-setup.c within an 'ifdef HAVE_IMA' >> statement, as it happens for SELinux. However an issue is that there is no a specific package for IMA that can be checked to set the HAVE_IMA >> definition to yes. Instead, the code can be enabled for example by >> adding the parameter '--enable_ima' in the configure script. > > okay. > > -- > Gustavo Sverzut Barbieri > http://profusion.mobi embedded systems > -------------------------------------- > MSN: bar...@gm... > Skype: gsbarbieri > Mobile: +55 (19) 9225-2202 |
