/usr/lib/dracut/modules.d/98integrity/ima-policy-load.sh is in dracut-core 047-2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | #!/bin/sh
# Licensed under the GPLv2
#
# Copyright (C) 2011 Politecnico di Torino, Italy
# TORSEC group -- http://security.polito.it
# Roberto Sassu <roberto.sassu@polito.it>
IMASECDIR="${SECURITYFSDIR}/ima"
IMACONFIG="${NEWROOT}/etc/sysconfig/ima"
IMAPOLICY="/etc/sysconfig/ima-policy"
load_ima_policy()
{
# check kernel support for IMA
if [ ! -e "${IMASECDIR}" ]; then
if [ "${RD_DEBUG}" = "yes" ]; then
info "integrity: IMA kernel support is disabled"
fi
return 0
fi
# override the default configuration
[ -f "${IMACONFIG}" ] && \
. ${IMACONFIG}
# set the IMA policy path name
IMAPOLICYPATH="${NEWROOT}${IMAPOLICY}"
# check the existence of the IMA policy file
[ -f "${IMAPOLICYPATH}" ] && {
info "Loading the provided IMA custom policy";
printf '%s' "${IMAPOLICYPATH}" > ${IMASECDIR}/policy || \
cat "${IMAPOLICYPATH}" > ${IMASECDIR}/policy
}
return 0
}
load_ima_policy
|