[PATCH] ima: ima/lsm policy rule loading logic bug fixes

Mimi Zohar zohar at linux.ibm.com
Thu Jan 9 14:54:58 UTC 2020

On Thu, 2020-01-09 at 16:08 +0200, Janne Karhunen wrote:
> Keep the ima policy rules around from the beginning even
> if they appear invalid at the time of loading, as they
> may become active after the lsm policy load. In other
> words, now the lsm and the ima can be initialized in any
> order and the handling logic is the same as with the lsm
> rule reload event.
> Patch also fixes the rule re-use during the lsm policy
> reload and makes some prints a bit more human readable.

Thanks, Janne.  What do you think about adding a single sentence at
the end of this patch description?  Something along the lines of,
"With these changes, there no need to defer loading a custom IMA
policy, based on LSM rules, until after the LSM policy has been

The line length, here, is a bit short.  According to section "14) the
canonical path format" of Documentation/process/submitting-
patches.rst, the body of the explanation shouldl be line wrapped at 75

> Cc: Casey Schaufler <casey at schaufler-ca.com>
> Reported-by: Mimi Zohar <zohar at linux.ibm.com>
> Signed-off-by: Janne Karhunen <janne.karhunen at gmail.com>
> Signed-off-by: Konsta Karsisto <konsta.karsisto at gmail.com>

Please include a "Fixes" tag as well.  Otherwise,

Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>

More information about the Linux-security-module-archive mailing list