Re: [systemd-devel] [PATCH v3] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
Harald, please do not apply this patch. Stefan > > From: Stefan Berger <stef...@us.ibm.com> > > To sync with systemd, use the filepath /etc/ima/ima-policy as > the default file location for the IMA policy. At the same time we > move the ima config file locatio

[systemd-devel] [PATCH v3] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
From: Stefan Berger <stef...@us.ibm.com> To sync with systemd, use the filepath /etc/ima/ima-policy as the default file location for the IMA policy. At the same time we move the ima config file location to /etc/ima/ima. Adapt the documentation to the new path. Maintain backwards compati

Re: [systemd-devel] [PATCH v2] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
On 11/30/2016 10:52 AM, Harald Hoyer wrote: On 30.11.2016 16:24, Stefan Berger wrote: On 11/30/2016 10:16 AM, Harald Hoyer wrote: On 30.11.2016 16:10, Stefan Berger wrote: From: Stefan Berger <stef...@us.ibm.com> To sync with systemd, use the filepath /etc/ima/ima-policy as the file lo

Re: [systemd-devel] [PATCH v2] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
On 11/30/2016 10:16 AM, Harald Hoyer wrote: On 30.11.2016 16:10, Stefan Berger wrote: From: Stefan Berger <stef...@us.ibm.com> To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy. At the same time we move the ima config file location to /e

[systemd-devel] [PATCH v2] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
From: Stefan Berger <stef...@us.ibm.com> To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy. At the same time we move the ima config file location to /etc/ima/ima. Adapt the documentation to the new path. Signed-off-by: Stefan Berger

[systemd-devel] [PATCH] 98integrity: Use /etc/ima/ima-policy as file location for IMA policy

2016-11-30 Thread Stefan Berger
From: Stefan Berger <stef...@us.ibm.com> To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- modules.d/98integrity/ima-policy-load.sh | 7 ++- 1 file changed, 6 inse

Re: [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file

2016-11-29 Thread Stefan Berger
On 11/29/2016 06:56 AM, Lennart Poettering wrote: On Mon, 28.11.16 14:17, Stefan Berger (stef...@linux.vnet.ibm.com) wrote: From: Stefan Berger <stef...@us.ibm.com> IMA validates file signatures based on the security.ima xattr. As of Linux-4.7, instead of copying the IMA

Re: [systemd-devel] [PATCH 1/2] ima: Have IMA policy loaded from /etc/sysconfig or /etc/default.

2016-11-29 Thread Stefan Berger
On 11/29/2016 06:49 AM, Lennart Poettering wrote: On Mon, 28.11.16 14:17, Stefan Berger (stef...@linux.vnet.ibm.com) wrote: From: Stefan Berger <stef...@us.ibm.com> Fedora has its policy in /etc/sysconfig/ima-policy while Ubuntu has it in /etc/default/ima-policy. So we try to read t

[systemd-devel] [PATCH 1/2] ima: Have IMA policy loaded from /etc/sysconfig or /etc/default.

2016-11-28 Thread Stefan Berger
From: Stefan Berger <stef...@us.ibm.com> Fedora has its policy in /etc/sysconfig/ima-policy while Ubuntu has it in /etc/default/ima-policy. So we try to read the IMA policy from one location and try it from another location if it couldn't be found. To maintain backwards compatibility, w

[systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file

2016-11-28 Thread Stefan Berger
From: Stefan Berger <stef...@us.ibm.com> IMA validates file signatures based on the security.ima xattr. As of Linux-4.7, instead of copying the IMA policy into the securityfs policy, the IMA policy pathname can be written, allowing the IMA policy file signature to be validated. This