projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3cb93eb) | patch
core: load IPE policy on boot
authorLuca Boccassi <bluca@debian.org>
Sat, 14 Sep 2024 12:27:53 +0000 (14:27 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 2 Oct 2024 16:29:43 +0000 (18:29 +0200)
commit394c61416c19bcc3231d3f717b72ef9d90b89ee7
tree7576ce2a659f818c11773f34e153b64459c6062atree | snapshot
parent3cb93ebcf26506c4bbdb225831c7bf4d3e112112commit | diff
core: load IPE policy on boot

IPE is a new LSM being introduced in 6.12. Like IMA, it works based on a
policy file that has to be loaded at boot, the earlier the better. So
like IMA, if such a policy is present, load it and activate it.

If there are any .p7b files in /etc/ipe/, load them as policies.
The files have to be inline signed in DER format as per IPE documentation.

For more information on the details of IPE:

https://microsoft.github.io/ipe/
meson.build diff | blob | history
meson_options.txt diff | blob | history
src/basic/build.c diff | blob | history
src/core/ipe-setup.c [new file with mode: 0644] blob
src/core/ipe-setup.h [new file with mode: 0644] blob
src/core/main.c diff | blob | history
src/core/meson.build diff | blob | history
https://github.com/systemd/systemd.git