[systemd-devel] [Linux-ima-user] [PATCH 2/2] main: added support for loading IMA custom policies

Kay Sievers kay.sievers at vrfy.org
Tue Feb 21 06:32:16 PST 2012


On Tue, Feb 21, 2012 at 15:07, Colin Guthrie <gmane at colin.guthr.ie> wrote:

>> The code for loading IMA custom policies was placed in the initial
>> ramdisk with the purpose to avoid distribution specific dependencies.
>> However, since the SELinux initialization has been moved to Systemd
>> and Systemd itself will be used by the major distributions, I think
>> placing the IMA code here is the best solution, even if it is not the
>> most general.
>
> Just for reference, not all distros use the same initrd generator
> anyway. We're trying to move to dracut, but it's certainly not universal
> at the moment. I think Suse use something else (maybe they plan to move
> to dracut too?) and I've no idea about Ubuntu but I doubt they use dracut.
>
> So I'd suggest that at the moment, systemd will actually get you wider
> coverage... although that's just a slightly ill-informed and hand-wave
> analysis on my part. Either way, I think it's better in systemd :D

Sounds right. The initramfs is definitely less generic than systemd
is. Almost every distro still has its own here. The situation today
with initramfs generators can probably not get more distro-specific;
it is still almost at its maximum. :)

So the thinking of moving anything to the initramfs to avoid the Linux
distro balkanization problem will usually not work out.

Kay

