[RFC 0/2] ima: evm: Add kernel cmdline options to disable IMA/EVM
Casey Schaufler
casey at schaufler-ca.com
Tue Dec 17 21:29:15 UTC 2024
On 12/17/2024 12:25 PM, Song Liu wrote:
> While reading and testing LSM code, I found IMA/EVM consume per inode
> storage even when they are not in use. Add options to diable them in
> kernel command line. The logic and syntax is mostly borrowed from an
> old serious [1].
Why not omit ima and evm from the lsm= parameter?
>
> [1] https://lore.kernel.org/lkml/cover.1398259638.git.d.kasatkin@samsung.com/
>
> Song Liu (2):
> ima: Add kernel parameter to disable IMA
> evm: Add kernel parameter to disable EVM
>
> security/integrity/evm/evm.h | 6 ++++++
> security/integrity/evm/evm_main.c | 22 ++++++++++++++--------
> security/integrity/evm/evm_secfs.c | 3 ++-
> security/integrity/ima/ima_main.c | 13 +++++++++++++
> 4 files changed, 35 insertions(+), 9 deletions(-)
>
> --
> 2.43.5
>
More information about the Linux-security-module-archive
mailing list