[PATCH v13 26/25] Audit: Multiple LSM support in audit rules
Mimi Zohar
zohar at linux.ibm.com
Thu Jan 9 16:33:27 UTC 2020
Hi Casey,
On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> With multiple possible security modules supporting audit rule
> it is necessary to keep separate data for each module in the
> audit rules. This affects IMA as well, as it re-uses the audit
> rule list mechanisms.
While reviewing this patch, I realized there was a bug in the base IMA
code. With Janne's bug fix, that he just posted, I think this patch
can now be simplified.
My main concern is the number of warning messages that will be
generated. Any time a new LSM policy is loaded, the labels will be
re-evaulated whether or not they are applicable to the particular LSM,
causing unnecessary warnings.
Mimi
More information about the Linux-security-module-archive
mailing list