On Tue, 29.11.16 07:08, Stefan Berger (stef...@linux.vnet.ibm.com) wrote:

> > > Fedora has its policy in /etc/sysconfig/ima-policy while Ubuntu
> > > has it in /etc/default/ima-policy. So we try to read the IMA policy
> > > from one location and try it from another location if it couldn't
> > > be found. To maintain backwards compatibility, we also try
> > > /etc/ima/ima-policy.
> > Sorry, but this looks very wrong. I am not sure what /etc/sysconfig/
> > and /etc/default/ima-policy are supposed to be, but I am pretty sure
> > placing IMA policy there is just wrong. Moreover, our goal is to
> > remove any distro-specific hooks in systemd in favour of common paths,
> > not adding new.
> 
> It's confusing... Dracut for example expects it in
> /etc/sysconfig/ima-policy:
> 
> https://github.com/dracutdevs/dracut/blob/master/modules.d/98integrity/ima-policy-load.sh#L10

That sounds like something to fix in dracut. I am sure Harald would be
fine with adopting the generic path.

Harald?

> So following that either one has to change. I chose to change systemd. To me
> /etc/default on Debian systems is the equivalent of /etc/sysconfig on RPM
> based ones (or at least RedHat based ones), so that's where this is coming
> from.

And both of them are a bad idea. In particular the RH version. I mean
/etc is already system configuration, why would you place a directory
called "sysconfig" — which I figure is supposed to be short for
"system configuration" inside a directory for system configuration?

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel