[PATCH v5 2/2] ima: Handle -ESTALE returned by ima_filter_rule_match()
Mimi Zohar
zohar at linux.ibm.com
Thu Nov 3 13:15:45 UTC 2022
On Wed, 2022-11-02 at 09:42 +0800, Guozihua (Scott) wrote:
> > As I only see an IMA measurement policy rule being loaded for
> > "unlabeled_t" and not "user_home_t", should I assume that an IMA
> > measurement rule already exists for "user_home_t"?
>
> There wasn't a rule for user_home_t. These scripts demonstrate that
> during a selinux policy reload, IMA would measure files that are not in
> the range of its LSM based rules, which is the issue I am trying to fix.
>
> In this test, we only have one rule for measuring files of type
> unlabeled_t. However, during selinux policy reload, a file of user_home_t
> is also measured.
Thanks, Scott. After tweaking the scripts for my system, I was able to
reproduce the bug. This patch set is now queued in next-integrity.
--
thanks,
Mimi