On Thu, Feb 16, 2012 at 12:30:31PM -0200, Gustavo Sverzut Barbieri wrote:
> On Thu, Feb 16, 2012 at 11:38 AM, Roberto Sassu <roberto.sa...@polito.it>
> wrote:
> > the reason for which the loading of IMA policies has been placed in
> > the main Systemd executable is that the measurement process performed
> > by IMA should start as early as possible. Otherwise, in order to build
> > the 'chain of trust' during the boot process from the BIOS to software
> > applications, it is required to measure those components loaded before
> > IMA is initialized with other means (for example from the boot loader).
>
> Then I wonder: why not make an ima-init binary that:
> - does ima_setup()
> - exec systemd || upstart || ...
>
> this way you only have to audit this very small file and not systemd
> itself, it's very early and so on.

Isn't that a job for initramfs?

-- 
Tomasz Torcz                 "Never underestimate the bandwidth of a station
xmpp: zdzich...@chrome.pl    wagon filled with backup tapes." -- Jim Gray

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
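A minimal ima-init of the kind Gustavo sketches, added here as an illustration (it is neither systemd's ima-setup nor code from the thread): it feeds the policy to the kernel's securityfs node one rule per write, then execs the real init. The paths /etc/ima/ima-policy and /lib/systemd/systemd are assumptions, and the self-check runs against constructed temp files rather than securityfs.

```c
/* ima-init as sketched in the thread: push the IMA policy into securityfs, then
 * exec the real init.  Constructed example, not systemd's code; paths assumed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
/* The kernel parses one rule per write(2), so feed the file line by line (one
 * whole-file write would load only the first rule); blanks and '#' comments are
 * skipped.  Returns the number of rules loaded, or -1 on error. */
static int load_ima_policy(const char *policy_path, const char *node)
{
    FILE *in = fopen(policy_path, "r");
    int fd = in ? open(node, O_WRONLY) : -1, rules = 0;
    char line[512];
    while (fd >= 0 && fgets(line, sizeof line, in)) {
        size_t len = strlen(line);
        if (line[0] == '\n' || line[0] == '#')
            continue;
        if (write(fd, line, len) != (ssize_t)len) { rules = -1; break; }
        rules++;
    }
    if (in) fclose(in);
    if (fd < 0) return -1;
    close(fd);
    return rules;
}
/* Offline self-check: constructed policy, temp files stand in for securityfs. */
static int self_check(void)
{
    const char *policy = "# c\nmeasure func=BPRM_CHECK\n\nmeasure func=FILE_CHECK uid=0\n";
    const char *want = "measure func=BPRM_CHECK\nmeasure func=FILE_CHECK uid=0\n";
    char pol[] = "/tmp/ima-pol-XXXXXX", node[] = "/tmp/ima-node-XXXXXX", got[128] = {0};
    int pfd = mkstemp(pol), nfd = mkstemp(node), ok = 0;
    if (pfd >= 0 && nfd >= 0 && write(pfd, policy, strlen(policy)) > 0) {
        int rules = load_ima_policy(pol, node);
        FILE *f = fopen(node, "r");
        if (f) { got[fread(got, 1, sizeof got - 1, f)] = 0; fclose(f); }
        ok = rules == 2 && strcmp(got, want) == 0;   /* two rules, comment dropped */
    }
    close(pfd); close(nfd); unlink(pol); unlink(node);
    return ok;
}
int main(void)
{
    if (load_ima_policy("/etc/ima/ima-policy", "/sys/kernel/security/ima/policy") < 0)
        perror("ima policy not loaded");                 /* keep booting regardless */
    execl("/lib/systemd/systemd", "systemd", (char *)NULL);   /* assumed init path */
    perror("exec init");
    return 1;
}
```

Run as PID 1 it would need to be the kernel's init= target and have securityfs mounted first, which is exactly the initramfs question Tomasz raises.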