Hi Matthew, Below is one additional comment. On Fri, 2019-05-24 at 09:31 -0400, Mimi Zohar wrote: > > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > > index 357edd140c09..f23069d9e43d 100644 > > --- a/security/integrity/ima/ima_main.c > > +++ b/security/integrity/ima/ima_main.c > > > @@ -275,7 +276,9 @@ static int process_measurement(struct file *file, const struct cred *cred, > > goto out_locked; > > } > > > > - template_desc = ima_template_desc_current(); > > + if (!template_desc) > > + template_desc = ima_template_desc_current(); This should be moved into ima_match_policy(), so that a valid template is always returned from ima_get_action(). thanks, Mimi >
