On Mon, 28.11.16 14:17, Stefan Berger (stef...@linux.vnet.ibm.com) wrote: > From: Stefan Berger <stef...@us.ibm.com> > > Fedora has its policy in /etc/sysconfig/ima-policy while Ubuntu > has it in /etc/default/ima-policy. So we try to read the IMA policy > from one location and try it from another location if it couldn't > be found. To maintainer backwards compatibility, we also try > /etc/ima/ima-policy.
Sorry, but this looks very wrong. I am not sure what /etc/sysconfig/ and /etc/default/ima-policy are supposed to be, but I am pretty sure placing IMA policy there is just wrong. Moreover, our goal is to remove any distro-specific hooks in systemd in favour of common paths, not adding new. Hence I am sorry, but I don't think this is right. Please ask the downstream maintainers to agree on /etc/ima/ima-policy (or any oher common path). Let's fix the distros, let's not work around them in systemd. I hope this makes sense, sorry, Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel