Hi Vitaly, On Mon, 2018-11-26 at 07:39 +0300, Vitaly Chikunov wrote: > Keep ima/evm attributes in user namespace instead of security namespace. > Would be useful for testing purposes without having root privileges, > easier to understand, and because --sigfile does not work for evm > signatures. The patch looks fine, but the patch description could use some rewriting. The IMA/EVM attributes are currently stored in the "security" namespace, which requires root privileges. Storing the ima/evm attributes in the "user" namespace, instead of the "security" namespace, would be useful for testing purposes. Please expand this: "and because --sigfile does not work for evm signatures." Conclude with, this patch defines the "--xattr-user" option for testing. Mimi