[PATCH v1 - RFC] ima: export the measurement list when needed
Janne Karhunen
janne.karhunen at gmail.com
Sat Dec 21 10:41:20 UTC 2019
On Fri, Dec 20, 2019 at 4:04 PM Mimi Zohar <zohar at linux.ibm.com> wrote:
> Should the kernel be involved in writing the IMA measurement list to a
> file or, as Dave suggested, this should be delegated to a userspace
> application?
That is a good question. I went this way as it did not feel right to
me that the kernel would depend on periodic, reliable userspace
functionality to stay running (we would have a circular dependency).
The thing is, once the kernel starts to run low on memory, it may kill
that periodic daemon flushing the data for reasons unrelated to IMA.
--
Janne
More information about the Linux-security-module-archive
mailing list