diff options
author | Ming Liu <liu.ming50@gmail.com> | 2021-03-22 14:02:15 +0100 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-04-02 08:21:34 -0700 |
commit | 995f25bcb91357d988d89e940ac1d2f792c18b1a (patch) | |
tree | 1e26f8d4f3abad99719c73474042b3ee6308a75e | |
parent | 90504a2580bc251030b90385cbfe8f4e05c10893 (diff) | |
download | meta-security-995f25bcb91357d988d89e940ac1d2f792c18b1a.tar.gz |
meta: drop IMA_POLICY from policy recipes
IMA_POLICY is being referred as policy recipe name in some places and it
is also being referred as policy file in other places, they are
conflicting with each other which make it impossible to set a IMA_POLICY
global variable in config file.
Fix it by dropping IMA_POLICY definitions from policy recipes
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
3 files changed, 6 insertions, 21 deletions
diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb index da62a4c..84ea161 100644 --- a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb | |||
@@ -2,19 +2,14 @@ SUMMARY = "IMA sample simple appraise policy " | |||
2 | LICENSE = "MIT" | 2 | LICENSE = "MIT" |
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | 3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" |
4 | 4 | ||
5 | # This policy file will get installed as /etc/ima/ima-policy. | 5 | SRC_URI = " file://ima_policy_appraise_all" |
6 | # It is located via the normal file search path, so a .bbappend | ||
7 | # to this recipe can just point towards one of its own files. | ||
8 | IMA_POLICY ?= "ima_policy_appraise_all" | ||
9 | |||
10 | SRC_URI = " file://${IMA_POLICY}" | ||
11 | 6 | ||
12 | inherit features_check | 7 | inherit features_check |
13 | REQUIRED_DISTRO_FEATURES = "ima" | 8 | REQUIRED_DISTRO_FEATURES = "ima" |
14 | 9 | ||
15 | do_install () { | 10 | do_install () { |
16 | install -d ${D}/${sysconfdir}/ima | 11 | install -d ${D}/${sysconfdir}/ima |
17 | install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy | 12 | install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy |
18 | } | 13 | } |
19 | 14 | ||
20 | FILES_${PN} = "${sysconfdir}/ima" | 15 | FILES_${PN} = "${sysconfdir}/ima" |
diff --git a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb index ebb0426..ff7169e 100644 --- a/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb | |||
@@ -2,13 +2,8 @@ SUMMARY = "IMA sample hash policy" | |||
2 | LICENSE = "MIT" | 2 | LICENSE = "MIT" |
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | 3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" |
4 | 4 | ||
5 | # This policy file will get installed as /etc/ima/ima-policy. | ||
6 | # It is located via the normal file search path, so a .bbappend | ||
7 | # to this recipe can just point towards one of its own files. | ||
8 | IMA_POLICY ?= "ima_policy_hashed" | ||
9 | |||
10 | SRC_URI = " \ | 5 | SRC_URI = " \ |
11 | file://${IMA_POLICY} \ | 6 | file://ima_policy_hashed \ |
12 | " | 7 | " |
13 | 8 | ||
14 | inherit features_check | 9 | inherit features_check |
@@ -16,7 +11,7 @@ REQUIRED_DISTRO_FEATURES = "ima" | |||
16 | 11 | ||
17 | do_install () { | 12 | do_install () { |
18 | install -d ${D}/${sysconfdir}/ima | 13 | install -d ${D}/${sysconfdir}/ima |
19 | install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy | 14 | install ${WORKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy |
20 | } | 15 | } |
21 | 16 | ||
22 | FILES_${PN} = "${sysconfdir}/ima" | 17 | FILES_${PN} = "${sysconfdir}/ima" |
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb index cb4b6b8..0e56aec 100644 --- a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb +++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb | |||
@@ -2,19 +2,14 @@ SUMMARY = "IMA sample simple policy" | |||
2 | LICENSE = "MIT" | 2 | LICENSE = "MIT" |
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | 3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" |
4 | 4 | ||
5 | # This policy file will get installed as /etc/ima/ima-policy. | 5 | SRC_URI = " file://ima_policy_simple" |
6 | # It is located via the normal file search path, so a .bbappend | ||
7 | # to this recipe can just point towards one of its own files. | ||
8 | IMA_POLICY ?= "ima_policy_simple" | ||
9 | |||
10 | SRC_URI = " file://${IMA_POLICY}" | ||
11 | 6 | ||
12 | inherit features_check | 7 | inherit features_check |
13 | REQUIRED_DISTRO_FEATURES = "ima" | 8 | REQUIRED_DISTRO_FEATURES = "ima" |
14 | 9 | ||
15 | do_install () { | 10 | do_install () { |
16 | install -d ${D}/${sysconfdir}/ima | 11 | install -d ${D}/${sysconfdir}/ima |
17 | install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy | 12 | install ${WORKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy |
18 | } | 13 | } |
19 | 14 | ||
20 | FILES_${PN} = "${sysconfdir}/ima" | 15 | FILES_${PN} = "${sysconfdir}/ima" |