> On Dec 17, 2024, at 1:29 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> On 12/17/2024 12:25 PM, Song Liu wrote:
>> While reading and testing LSM code, I found IMA/EVM consume per inode
>> storage even when they are not in use. Add options to disable them in
>> kernel command line. The logic and syntax is mostly borrowed from an
>> old series [1].
>
> Why not omit ima and evm from the lsm= parameter?

Both ima and evm have LSM_ORDER_LAST, so they are not controlled by lsm=
parameter. But we can probably change this behavior in ordered_lsm_parse(),
so that ima and evm are controlled by lsm=.

Thanks,
Song

>
>>
>> [1] https://lore.kernel.org/lkml/cover.1398259638.git.d.kasatkin@xxxxxxxxxxx/
>>
>> Song Liu (2):
>>   ima: Add kernel parameter to disable IMA
>>   evm: Add kernel parameter to disable EVM
>>
>>  security/integrity/evm/evm.h       |  6 ++++++
>>  security/integrity/evm/evm_main.c  | 22 ++++++++++++++--------
>>  security/integrity/evm/evm_secfs.c |  3 ++-
>>  security/integrity/ima/ima_main.c  | 13 +++++++++++++
>>  4 files changed, 35 insertions(+), 9 deletions(-)
>>
>> --
>> 2.43.5
>>