Hi Mimi, > > OK, I have v2 which use CONFIG_IMA_DEFAULT_HASH, I'll post it tomorrow. > > But I'd also keep this patch as well, this check doesn't harm and IMHO you can never be > > sure it does not fail. > Adding a new measurement gap is not an acceptable solution. Either an > ima_init() failure causes the kernel to panic, or we force IMA to use > the default builtin Kconfig hash algorithm. Thank you for a clarification. I posted new patch which forces using default hash in case of error and using different algorithm. I don't know whether even this (third) attempt (to use default hash) can fail, but in case it can, how do you prefer to handle this situation? If you really prefer kernel panic (e.g. don't like previous patch fixing at least ima_post_path_mknod()), I suggest removing ima_initialized as it's unused and confusing. > Mimi Kind regards, Petr
