@@ -187,7 +187,7 @@ IMA policy loading became broken in systemd 2.18. The modified systemd
changes. To activate policy loading via systemd, place a policy file
in `/etc/ima/ima-policy`, for example with:
- IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple"
+ IMA_EVM_POLICY = "${INTEGRITY_BASE}/data/ima_policy_simple"
To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements`
@@ -69,10 +69,10 @@ ima_evm_sign_rootfs () {
find ${IMA_EVM_ROOTFS_HASHED} | xargs -d "\n" --no-run-if-empty --verbose evmctl ima_hash
# Optionally install custom policy for loading by systemd.
- if [ "${IMA_EVM_POLICY_SYSTEMD}" ]; then
+ if [ "${IMA_EVM_POLICY}" ]; then
install -d ./${sysconfdir}/ima
rm -f ./${sysconfdir}/ima/ima-policy
- install "${IMA_EVM_POLICY_SYSTEMD}" ./${sysconfdir}/ima/ima-policy
+ install "${IMA_EVM_POLICY}" ./${sysconfdir}/ima/ima-policy
fi
}
The IMA policy will be specified using the IMA_EVM_POLICY variable since systemd will not be involved in loading the policy but the init script will load it. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- meta-integrity/README.md | 2 +- meta-integrity/classes/ima-evm-rootfs.bbclass | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)