[PATCH v5 3/7] IMA: add hook to measure critical data
Tushar Sugandhi
tusharsu at linux.microsoft.com
Fri Nov 13 17:23:14 UTC 2020
>>> Including "data_source" here isn't quite right. "data source" should
>>> only be added in the first patch which uses it, not here. When adding
>>> it please shorten the field description to "kernel data source". The
>>> longer explanation can be included in the longer function description.
>>>
>> *Question*
>> Do you mean the parameter @event_data_source should be removed from this
>> patch? And then later added in patch 7/7 – where SELinux uses it?
>
> Data source support doesn't belong in this patch. Each patch should do
> one logical thing and only that one thing. This patch is adding
> support for measuring critical data. The data source patch will limit
> the critical data being measured.
>
> Other than updating the data source list in the documentation,
> definitely do not add data source support to the SELinux patch.
>
> thanks,
>
> Mimi
>
Makes sense, I will move the data_source from this patch to a
separate one before SELinux.
And the SELinux patch will simply update the documentation.
Thanks Mimi.