[PATCH v13 26/25] Audit: Multiple LSM support in audit rules

Casey Schaufler casey at schaufler-ca.com
Fri Jan 10 19:40:13 UTC 2020


On 1/9/2020 8:33 AM, Mimi Zohar wrote:
> Hi Casey,
>
> On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
>> With multiple possible security modules supporting audit rule
>> it is necessary to keep separate data for each module in the
>> audit rules. This affects IMA as well, as it re-uses the audit
>> rule list mechanisms.
> While reviewing this patch, I realized there was a bug in the base IMA
> code.  With Janne's bug fix, that he just posted, I think this patch
> can now be simplified.

How and when do you plan to get Janne's fix in? It's looking like
stacking won't be in for 5.6.

> My main concern is the number of warning messages that will be
> generated.  Any time a new LSM policy is loaded, the labels will be
> re-evaulated whether or not they are applicable to the particular LSM,
> causing unnecessary warnings.

Uhg. 

>
> Mimi
>



More information about the Linux-security-module-archive mailing list