Re: [systemd-devel] [PATCH v3] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
Harald, please do not apply this patch. Stefan
> From: Stefan Berger
>
> To sync with systemd, use the filepath /etc/ima/ima-policy as the default file location for the IMA policy. At the same time we move the ima config file location to /etc/ima/ima. Adapt the

[systemd-devel] [PATCH v3] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
From: Stefan Berger To sync with systemd, use the filepath /etc/ima/ima-policy as the default file location for the IMA policy. At the same time we move the ima config file location to /etc/ima/ima. Adapt the documentation to the new path. Maintain backwards compatibility by still reading the

Re: [systemd-devel] [PATCH v2] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
On 11/30/2016 10:52 AM, Harald Hoyer wrote: On 30.11.2016 16:24, Stefan Berger wrote: On 11/30/2016 10:16 AM, Harald Hoyer wrote: On 30.11.2016 16:10, Stefan Berger wrote: From: Stefan Berger To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy

Re: [systemd-devel] [PATCH v2] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
On 11/30/2016 10:16 AM, Harald Hoyer wrote: On 30.11.2016 16:10, Stefan Berger wrote: From: Stefan Berger To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy. At the same time we move the ima config file location to /etc/ima/ima. Adapt the

[systemd-devel] [PATCH v2] 98integrity: Use /etc/ima as dir for IMA policy and config file

2016-11-30 Thread Stefan Berger
From: Stefan Berger To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy. At the same time we move the ima config file location to /etc/ima/ima. Adapt the documentation to the new path. Signed-off-by: Stefan Berger --- modules.d/98integrity/README

[systemd-devel] [PATCH] 98integrity: Use /etc/ima/ima-policy as file location for IMA policy

2016-11-30 Thread Stefan Berger
From: Stefan Berger To sync with systemd, use the filepath /etc/ima/ima-policy as the file location for the IMA policy. Signed-off-by: Stefan Berger --- modules.d/98integrity/ima-policy-load.sh | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules.d/98integrity/ima

Re: [systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file

2016-11-29 Thread Stefan Berger
On 11/29/2016 06:56 AM, Lennart Poettering wrote: On Mon, 28.11.16 14:17, Stefan Berger (stef...@linux.vnet.ibm.com) wrote: From: Stefan Berger IMA validates file signatures based on the security.ima xattr. As of Linux-4.7, instead of copying the IMA policy into the securityfs policy, the

Re: [systemd-devel] [PATCH 1/2] ima: Have IMA policy loaded from /etc/sysconfig or /etc/default.

2016-11-29 Thread Stefan Berger
On 11/29/2016 06:49 AM, Lennart Poettering wrote: On Mon, 28.11.16 14:17, Stefan Berger (stef...@linux.vnet.ibm.com) wrote: From: Stefan Berger Fedora has its policy in /etc/sysconfig/ima-policy while Ubuntu has it in /etc/default/ima-policy. So we try to read the IMA policy from one

[systemd-devel] [PATCH 1/2] ima: Have IMA policy loaded from /etc/sysconfig or /etc/default.

2016-11-28 Thread Stefan Berger
From: Stefan Berger Fedora has its policy in /etc/sysconfig/ima-policy while Ubuntu has it in /etc/default/ima-policy. So we try to read the IMA policy from one location and try it from another location if it couldn't be found. To maintain backwards compatibility, we also try /etc/im

[systemd-devel] [PATCH 2/2] ima: Write the policy filename into IMA's sysfs policy file

2016-11-28 Thread Stefan Berger
From: Stefan Berger IMA validates file signatures based on the security.ima xattr. As of Linux-4.7, instead of copying the IMA policy into the securityfs policy, the IMA policy pathname can be written, allowing the IMA policy file signature to be validated. This patch modifies the existing code