Mimi Zohar <zohar at linux.vnet.ibm.com> wrote: > > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA > > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled? > > Not quite, since as Dave pointed out, IMA is policy driven. As a > policy is installed, we could set a flag. Does such a flag exist as yet? David
