[PATCH v39 01/42] integrity: disassociate ima_filter_rule from security_audit_rule

Mimi Zohar zohar at linux.ibm.com
Mon Jun 24 13:57:14 UTC 2024


On Mon, 2024-06-24 at 10:45 +0200, Roberto Sassu wrote:
> My only comment would be that I would not call the new functions with
> the ima_ prefix, being those in security.c, which is LSM agnostic, but
> I would rather use a name that more resembles the differences, if any.

Commit 4af4662fa4a9 ("integrity: IMA policy") originally referred to these hooks
as security_filter_rule_XXXX, but commit b8867eedcf76 ("ima: Rename internal
filter rule functions") renamed the function to ima_filter_rule_XXX to avoid
security namespace pollution.

If these were regular security hooks, the hooks would be named:
filter_rule_init, filter_rule_free, filter_rule_match with the matching
"security" prefix functions. Audit and IMA would then register the hooks.

I agree these functions should probably be renamed again, probably to
security_ima_filter_rule_XXXX.

Mimi



