[PATCH v2] integrity: silence warning when CONFIG_SECURITYFS is not enabled

Sudeep Holla sudeep.holla at arm.com
Wed Jun 6 09:23:01 UTC 2018



On 05/06/18 15:49, Mimi Zohar wrote:
> On Tue, 2018-06-05 at 11:25 +0100, Sudeep Holla wrote:
>> When CONFIG_SECURITYFS is not enabled, securityfs_create_dir returns
>> -ENODEV which throws the following error:
>> 	"Unable to create integrity sysfs dir: -19"
>>
>> However, if the feature is disabled, it can't be warning and hence
>> we need to silence the error. This patch checks for the error -ENODEV
>> which is returned when CONFIG_SECURITYFS is disabled to stop the error
>> being thrown.
> 
> Both IMA and EVM require securityfs, at least for the time being.
>  Under what circumstances would integrity and not securityfs be
> enabled.  Is this a Kconfig issue?
> 

Could be, looks like it's not enforced and hence I have ended up with
a config that has CONFIG_SECURITYFS disabled. I have bot IMA and EVM
disabled too. However CONFIG_INTEGRITY is enabled.

-- 
Regards,
Sudeep
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list