[PATCH v5 2/2] ima: Handle -ESTALE returned by ima_filter_rule_match()

Guozihua (Scott) guozihua at huawei.com
Mon Nov 14 03:31:07 UTC 2022


On 2022/11/3 21:15, Mimi Zohar wrote:
> On Wed, 2022-11-02 at 09:42 +0800, Guozihua (Scott) wrote:
>>> As I only see an IMA measurement policy rule being loaded for
>>> "unlabeled_t" and not "user_home_t", should I assume that an IMA
>>> measurement rule already exists for "user_home_t"?
>>
>> There wasn't a rule for user_home_t. These scripts demonstrate that
>> during a selinux policy reload, IMA would measure files that are not in
>> the range of its LSM based rules. Which is the issue I am trying to fix.
>>
>> In this test, we only have one rule for measuring files of type
>> unlabeled_t. However, during selinux policy reload, a file of user_home_t
>> is also measured.
> 
> Thanks, Scott.  After tweaking the scripts for my system, I was able to
> reproduce the bug.  This patch set is now queued in next-integrity.
> 

Hi Mimi,

Any chance these patches would be in 6.1?
-- 
Best
GUO Zihua


