On Tue, May 7, 2019 at 4:46 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:

> > Core file operations (open, close, sync, msync, truncate)
> > update the measurement immediately. In order to maintain
> > sufficient write performance for writes, add a latency tunable
> > delayed work workqueue for computing the re-measurements.
>
> Would renaming or deleting the file affect the wq?

AFAIK no, but maybe it would indeed make sense to throw the wq job
away on unlink. Now it may do an extra hash for a file that no longer
exists.

> > Signed-off-by: Janne Karhunen <janne.karhunen@xxxxxxxxx>
> > Signed-off-by: Konsta Karsisto <konsta.karsisto@xxxxxxxxx>
>
> Good, by only touching the "collected" iint status,
> re-measuring/re-appraising files shouldn't be affected.
>
> As I don't have a test environment for testing this sort of change,
> once the patches are ready, please Cc other interested parties.
> Probably some of the embedded mailing lists, yocto, and Patrick Ohly.

Ok.

> > +++ b/include/linux/ima.h
> > @@ -20,6 +20,8 @@ extern int ima_bprm_check(struct linux_binprm *bprm);
> > extern int ima_file_check(struct file *file, int mask);
> > extern void ima_post_create_tmpfile(struct inode *inode);
> > extern void ima_file_free(struct file *file);
> > +extern void ima_file_update(struct file *file);
> > +extern void ima_delayed_update(struct file *file);
>
> Instead of using ifdef's before calling these functions, define the
> associated stub functions as well.

Ok.

> > +EXPORT_SYMBOL_GPL(ima_delayed_update);
>
> Does this need to be exported?

The point was that this can be used as a global probe point. Call it
when you need something measured.

> > + mutex_unlock(&iint->mutex);
> > +}
> > +EXPORT_SYMBOL_GPL(ima_file_update);
>
> And here?

Like above. Not happy with the idea?

--
Janne
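
Review bot: the two declarations added to include/linux/ima.h, ima_file_update() and ima_delayed_update(), have no comment telling a caller which one measures immediately and which one only queues the re-measurement on the delayed workqueue. Since the reply describes them as a probe point for other code to call, a one-line comment above each declaration stating that difference would help callers pick the right one.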
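
Review bot: the calling context for ima_file_update() is undocumented, although the function releases iint->mutex just before its closing brace (so it takes a sleeping lock) and is then made available to modules with EXPORT_SYMBOL_GPL(ima_file_update). If the export stays, the function should carry a comment saying it may sleep and must not be called with iint->mutex already held; the quoted lines also show no modular caller, so the changelog should name the intended user of both exports.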