On 10/26/2010 06:53 AM, John Stoffel wrote: > > No. What I was trying to get at, and probably poorly, was the comment > you made about having to keep the IMA data structures around, even if > IMA has been disabled, so that you could continue to claim integrity > if IMA was re-enabled. > > So my question is really about the following situation: > > 1. System boots up, IMA is enabled. > 2. SysAdmin notices and turns it off. > - does the IMA overhead (not the per-inode 4 bytes) go away? > - do the various in memory data structures get freed? > - does the pointer in the inode get null'ed? > I think it's reasonable to require a reboot in this case. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
