From 77640af54c071072ff4c8b53d68afba97ea2b1d4 Mon Sep 17 00:00:00 2001 From: Lans Zhang Date: Tue, 25 Jul 2017 09:37:59 +0800 Subject: IMA: move the default policy file to /etc/ima directory Signed-off-by: Lans Zhang --- meta-integrity/recipes-core/initrdscripts/files/init.ima | 2 +- .../recipes-support/ima-policy/ima-policy_0.1.bb | 16 +++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) (limited to 'meta-integrity') diff --git a/meta-integrity/recipes-core/initrdscripts/files/init.ima b/meta-integrity/recipes-core/initrdscripts/files/init.ima index fce7eae..65d4a37 100755 --- a/meta-integrity/recipes-core/initrdscripts/files/init.ima +++ b/meta-integrity/recipes-core/initrdscripts/files/init.ima @@ -26,7 +26,7 @@ ROOT_DIR="${1}" SECURITYFS_DIR="${ROOT_DIR}/sys/kernel/security" # The policy files are always placed in initramfs -IMA_POLICY=/etc/ima_policy +IMA_POLICY=/etc/ima/ima_policy SECURITYFS_MOUNTED=0 diff --git a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb index 982717a..9175839 100644 --- a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb +++ b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb @@ -1,18 +1,20 @@ DESCRIPTION = "The default external IMA policy" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ - file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" +LIC_FILES_CHKSUM = "\ + file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \ +" -SRC_URI = " \ - file://ima_policy.default \ - " +SRC_URI = "\ + file://ima_policy.default \ +" S = "${WORKDIR}" do_install() { - install -d "${D}${sysconfdir}" + install -d "${D}${sysconfdir}/ima" install -m 0400 "${WORKDIR}/ima_policy.default" \ - "${D}${sysconfdir}" + "${D}${sysconfdir}/ima" } FILES_${PN} = "${sysconfdir}" -- cgit v1.2.3-54-g00ecf