On 6/7/2019 12:45 AM, Mimi Zohar wrote:
On Thu, 2019-06-06 at 10:09 +0200, Roberto Sassu wrote:
On 6/5/2019 9:10 PM, Mimi Zohar wrote:
On Wed, 2019-06-05 at 11:12 -0700, Matthew Garrett wrote:
On Tue, Jun 4, 2019 at 4:39 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
Matthew, what is a "profile"? Could we rename this patch to something
clearer? Maybe something like "support for per policy rule template
formats"?
Sounds good to me. Could you also add an Inspired-By: Roberto Sassu
<roberto.sassu@xxxxxxxxxx> ?
Thanks, done.
Thanks Matthew.
If the patch it is not merged yet, please define and initialize the
template_name variable in ima_policy_show() as the same as in
ima_measurement_show().
The policy rule processing should prevent loading a custom policy with
a template rule, without specifying a valid template name. Why does
ima_policy_show() need to initialize entry->template->name?
The last element of builtin_templates is reserved for a custom format
that can be specified with the ima_template_fmt= kernel option. This
last element has name length equal to zero. It can be found by
lookup_template_desc() if specified in a policy rule.
Roberto
--
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI
