[PATCH 2/3] IMA:Define a new template field buf
prakhar srivastava
prsriva02 at gmail.com
Wed Jun 19 18:08:56 UTC 2019
<snip>
> > if (iint->measured_pcrs & (0x1 << pcr))
> > diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> > index 993d0f1915ff..c8591406c0e2 100644
> > --- a/security/integrity/ima/ima_init.c
> > +++ b/security/integrity/ima/ima_init.c
> > @@ -50,7 +50,7 @@ static int __init ima_add_boot_aggregate(void)
> > struct ima_template_entry *entry;
> > struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> > struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
> > - NULL, 0, NULL};
> > + NULL, 0, NULL, NULL, 0};
> > int result = -ENOMEM;
> > int violation = 0;
> > struct {
> >
>
> These changes shouldn't be necessary. Please rebase these patches on
> top of the latest next-queued-testing branch (git remote update). "IMA: support for per
> policy rule template formats" is still changing.
>
> Minor nit. When re-posting the patches please update the patch titles
> so that there is a space between the subsystem name and the patch
> title (eg. "ima: define ...").
>
I believe the above event_data changes are needed, to store/read the
buffer length and buffer itself. The only exception will be if needed will be to
remove ima-buf as a template instead used a template_fmt in the policy
with KEXEC_CMDLINE from the "IMA: support for per
policy rule template formats" is still changing.".
In my view even ima-buf is needed as it simplifies the usage.
Please let me know if I misunderstood your comment.
> Mimi
>
More information about the Linux-security-module-archive
mailing list