Hello Al, Certain file system types and partitions will never be measured or appraised depending on the IMA policy. For example, pseudo file systems are not measured and appraised. In upstream IMA implementation policy will be checked again and again for every inode in the filesystem. It happens thousands times per second. That is absolute waste of CPU and may be batter resources. To overcome such issue I would like to have a flag in super block data structure which can be set once if IMA does not need to measure anything from a partition.. The flag might be tested by ima hooks to return without doing anything. I looked to <linux/fs.h> and found that there is a possibility to to add additional flag for sb->s_flags. For example #define MS_NOT_IMA (1<<25) /* NOT_IMA */ #define IS_I_NOT_IMA(inode) __IS_FLG(inode, MS_NOT_IMA) Another way is to add additional dedicated member to the sb structure. Can you please advice about this? Thanks, Dmitry -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
