On Wed, 2022-02-02 at 09:40 -0500, Stefan Berger wrote: > On 2/2/22 09:13, Christian Brauner wrote: > > On Tue, Feb 01, 2022 at 03:37:08PM -0500, Stefan Berger wrote: > >> > >> v10: > >> - Added A-b's; addressed issues from v9 > >> - Added 2 patches to support freeing of iint after namespace deletion > >> - Added patch to return error code from securityfs functions > >> - Added patch to limit number of policy rules in IMA-ns to 1024 > > I'm going to go take a lighter touch with this round of reviews. > > First, because I have February off. :) > > Second, because I think that someone who is more familiar with IMA and > > its requirements should take another look to provide input and ask more > > questions. Last time I spoke to Serge he did want to give this a longer > > look and maybe also has additional questions. > > The one problem I am seeing is that we probably cannot support auditing > in IMA namespaces since every user can now create an IMA namespace. > Unless auditing was namespaced, the way it is now gives too much control > to the user to flood the host audit log. Stefan, we need to differentiate between the different types of audit records being produced by IMA. Some of these are informational, like the policy rules being loaded or "Time of Measure, Time of Use" (ToMToU) records. When we discuss IMA-audit we're referring to the file hashes being added in the audit log. These are the result of the IMA "audit" policy rules. How much of these informational messages should be audited in IMA namespaces still needs to be discussed. For now, feel free to limit the audit messages to just the file hashes. thanks, Mimi
