On Wed, Oct 18, 2017 at 11:19 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> The IMA_NEW_FILE check is applicable only when there are no security
> xattrs (INTEGRITY_NOXATTRS), which would not be the case after writing
> the first security xattr. The return result in that case is
> INTEGRITY_NOLABEL, meaning no security.evm.

Ah, of course. Ok, how about going with my proposal with an intention to relax the restriction around it and HMAC support once we have a mechanism for setting multiple xattrs at once?