[PATCH 2/3] IMA:Define a new template field buf

prakhar srivastava prsriva02 at gmail.com
Wed Jun 19 18:08:56 UTC 2019


<snip>
> >       if (iint->measured_pcrs & (0x1 << pcr))
> > diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> > index 993d0f1915ff..c8591406c0e2 100644
> > --- a/security/integrity/ima/ima_init.c
> > +++ b/security/integrity/ima/ima_init.c
> > @@ -50,7 +50,7 @@ static int __init ima_add_boot_aggregate(void)
> >       struct ima_template_entry *entry;
> >       struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> >       struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
> > -                                         NULL, 0, NULL};
> > +                                         NULL, 0, NULL, NULL, 0};
> >       int result = -ENOMEM;
> >       int violation = 0;
> >       struct {
> >
>
> These changes shouldn't be necessary.  Please rebase these patches on
> top of the latest next-queued-testing branch (git remote update).  "IMA: support for per
> policy rule template formats" is still changing.
>
> Minor nit.  When re-posting the patches please update the patch titles
> so that there is a space between the subsystem name and the patch
> title (eg. "ima: define ...").
>
I believe the above event_data changes are needed, to store/read the
buffer length and buffer itself. The only exception will be if needed will be to
remove ima-buf as a template instead used a template_fmt in the policy
with KEXEC_CMDLINE from the "IMA: support for per
 policy rule template formats" is still changing.".
In my view even ima-buf is needed as it simplifies the usage.

Please let me know if I misunderstood your comment.
> Mimi
>



More information about the Linux-security-module-archive mailing list