> On Dec 17, 2024, at 1:59 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Tue, Dec 17, 2024 at 4:29 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> On 12/17/2024 12:25 PM, Song Liu wrote:
>>> While reading and testing LSM code, I found IMA/EVM consume per inode
>>> storage even when they are not in use. Add options to disable them in
>>> kernel command line. The logic and syntax is mostly borrowed from an
>>> old series [1].
>>
>> Why not omit ima and evm from the lsm= parameter?
>
> Exactly. Here is a link to the kernel documentation if anyone is
> interested (search for "lsm"):
>
> https://docs.kernel.org/admin-guide/kernel-parameters.html
>
> It is worth mentioning that this works for all the LSMs.

I guess this is a bug that ima and evm cannot be disabled
by (not being added to) lsm= parameter?

Thanks,
Song

>
>>> [1] https://lore.kernel.org/lkml/cover.1398259638.git.d.kasatkin@xxxxxxxxxxx/
>>>
>>> Song Liu (2):
>>>   ima: Add kernel parameter to disable IMA
>>>   evm: Add kernel parameter to disable EVM
>>>
>>>  security/integrity/evm/evm.h       |  6 ++++++
>>>  security/integrity/evm/evm_main.c  | 22 ++++++++++++++--------
>>>  security/integrity/evm/evm_secfs.c |  3 ++-
>>>  security/integrity/ima/ima_main.c  | 13 +++++++++++++
>>>  4 files changed, 35 insertions(+), 9 deletions(-)
>>>
>>> --
>>> 2.43.5
>
> --
> paul-moore.com