[yocto] [meta-security][PATCH 5/8] Revert "ima: Rename IMA_EVM_POLICY_SYSTEMD to IMA_EVM_POLICY"

Tue, 09 May 2023 11:57:26 -0700 

This reverts commit 292b49342cb47da59525a44227598cf136311e1b.

The full patchset are overriding the do_configure task and also added a kernel 
patch
on meta-integrity/recipes-kernel/linux/linux_ima.inc and this file is included
in every recipe that follows the pattern pattern starting by linux- 
(recipes-kernel/linux/linux-%.bbappend).
So the patch fails in some recipes and also do_configure task doesn't make 
sense.
This breaks many recipes like linux-firmware and maybe others.

Signed-off-by: Jose Quaresma <jose.quare...@foundries.io>
---
 meta-integrity/README.md                      | 2 +-
 meta-integrity/classes/ima-evm-rootfs.bbclass | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index 816b40d..eae1c57 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -187,7 +187,7 @@ IMA policy loading became broken in systemd 2.18. The 
modified systemd
 changes. To activate policy loading via systemd, place a policy file
 in `/etc/ima/ima-policy`, for example with:
 
-    IMA_EVM_POLICY = "${INTEGRITY_BASE}/data/ima_policy_simple"
+    IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple"
 
 To check that measuring works, look at 
`/sys/kernel/security/ima/ascii_runtime_measurements`
 
diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass 
b/meta-integrity/classes/ima-evm-rootfs.bbclass
index 6902d69..3cb0d07 100644
--- a/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -69,10 +69,10 @@ ima_evm_sign_rootfs () {
     find ${IMA_EVM_ROOTFS_HASHED} | xargs -d "\n" --no-run-if-empty --verbose 
evmctl ima_hash
 
     # Optionally install custom policy for loading by systemd.
-    if [ "${IMA_EVM_POLICY}" ]; then
+    if [ "${IMA_EVM_POLICY_SYSTEMD}" ]; then
         install -d ./${sysconfdir}/ima
         rm -f ./${sysconfdir}/ima/ima-policy
-        install "${IMA_EVM_POLICY}" ./${sysconfdir}/ima/ima-policy
+        install "${IMA_EVM_POLICY_SYSTEMD}" ./${sysconfdir}/ima/ima-policy
     fi
 }
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#59950): https://lists.yoctoproject.org/g/yocto/message/59950
Mute This Topic: https://lists.yoctoproject.org/mt/98790794/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to