On Fri, 2018-03-23 at 11:54 +0100, Petr Vorel wrote:
> Hello Mimi,
>
> > Agreed, the previous version was simpler/better. My complaint with
> > the previous version was that there was an error message, but
> > continued without any indication of how it was resolved. Changing the
> > message in ima_init_crypto() is one solution, but adding an additional
> > message works too. Would this work for you?
>
> > @@ -73,6 +73,8 @@ int __init ima_init_crypto(void)
> > hash_algo_name[ima_hash_algo], rc);
> > return rc;
> > }
> > + pr_info("Allocated default hash algorithm: %s\n",
> > + hash_algo_name[ima_hash_algo]);
> > return 0;
> > }
> Well, this is not correct, as if you specify correct (i.e. buildin) non default algorithm, it's said to
> be the default. e.g. ima_hash=md5
> [ 2.161089] ima: Allocated default hash algorithm: md5
> Just a detail, but why not be precise?
> Going to post a version which fixes that having a message in ima_init_crypto().
Oh, I see your point! If a file is signed, the measurement list will
contain the file hash based on the file signature's hash algorithm.
"default", in this case, refers to the hash algorithm for unsigned
files.
Thank you for making the message clearer, less ambiguous.
Mimi
