> > diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy > > index 09a5def7e28a..6a517282068d 100644 > > --- a/Documentation/ABI/testing/ima_policy > > +++ b/Documentation/ABI/testing/ima_policy > > @@ -24,7 +24,8 @@ Description: > > [euid=] [fowner=] [fsname=] [subtype=]] > > lsm: [[subj_user=] [subj_role=] [subj_type=] > > [obj_user=] [obj_role=] [obj_type=]] > > - option: [[appraise_type=]] [permit_directio] > > + option: [[appraise_type=] [permit_directio] > > + [trust_vfs]] > > Let's generalize "trust_vfs" a bit. How about introducing > "collect_type=", with the default being reading and calculating the > file hash? The naming might be based on the VFS name (e.g vfs_read, vfs_get_hash) or on the file_operations name (eg. read, get_hash). Mimi
