Re: [systemd-devel] [PATCH 2/2] main: added support for loading IMA custom policies



On Mon, 20.02.12 19:36, Roberto Sassu (roberto.sassu@xxxxxxxxx) wrote:

> 
> On 02/20/2012 06:14 PM, Lennart Poettering wrote:
> >On Wed, 15.02.12 18:12, Roberto Sassu (roberto.sassu@xxxxxxxxx) wrote:
> >
> >>The location of the policy file is not IMA dependent. I chose that
> >>because it seemed to me the right place where to put this file.
> >>So, I can easily modify the location to be distribution independent
> >>but I don't know which directory would be appropriate.
> >>Any proposal?
> >
> >/etc/ima.conf or /etc/ima/ima.conf sound like obvious candidates.
> >
> 
> I prefer the first one, because the second pathname raises the problem
> of creating a new subdirectory. However, I think we should keep the
> word 'policy' in the file name to avoid users believing that it is a
> configuration file.

Creating a subdir is a problem? How so?

You should use a subdir /etc/ima/ if there's the chance that sooner or
later you might have to add another config file of some sorts to IMA. If
you are really sure that never happens, then you don't need the dir, but
if you are in doubt, better use one. (But this is the policy file,
right? So I figure you might end up adding a conf file with options
like SELinux's enforcing/permissive later on, so I think you had
better add a dir.)

(Oh, and in contrast to what I suggested, if this is the policy file,
and not a configuration file, the .conf suffix of course makes little sense.)

Lennart

-- 
Lennart Poettering - Red Hat, Inc.

