[PATCH] ima: ima/lsm policy rule loading logic bug fixes
Mimi Zohar
zohar at linux.ibm.com
Thu Jan 9 14:54:58 UTC 2020
On Thu, 2020-01-09 at 16:08 +0200, Janne Karhunen wrote:
> Keep the ima policy rules around from the beginning even
> if they appear invalid at the time of loading, as they
> may become active after the lsm policy load. In other
> words, now the lsm and the ima can be initialized in any
> order and the handling logic is the same as with the lsm
> rule reload event.
>
> Patch also fixes the rule re-use during the lsm policy
> reload and makes some prints a bit more human readable.
Thanks, Janne. What do you think about adding a single sentence at
the end of this patch description? Something along the lines of,
"With these changes, there no need to defer loading a custom IMA
policy, based on LSM rules, until after the LSM policy has been
initialized."
The line length, here, is a bit short. According to section "14) the
canonical path format" of Documentation/process/submitting-
patches.rst, the body of the explanation shouldl be line wrapped at 75
columns.
>
> Cc: Casey Schaufler <casey at schaufler-ca.com>
> Reported-by: Mimi Zohar <zohar at linux.ibm.com>
> Signed-off-by: Janne Karhunen <janne.karhunen at gmail.com>
> Signed-off-by: Konsta Karsisto <konsta.karsisto at gmail.com>
Please include a "Fixes" tag as well. Otherwise,
Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
More information about the Linux-security-module-archive
mailing list