On Fri, 2019-06-07 at 08:46 +0200, Roberto Sassu wrote: > On 6/7/2019 12:45 AM, Mimi Zohar wrote: > > On Thu, 2019-06-06 at 10:09 +0200, Roberto Sassu wrote: > >> On 6/5/2019 9:10 PM, Mimi Zohar wrote: > >>> On Wed, 2019-06-05 at 11:12 -0700, Matthew Garrett wrote: > >>>> On Tue, Jun 4, 2019 at 4:39 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > >>>>> Matthew, what is a "profile"? Could we rename this patch to something > >>>>> clearer? Maybe something like "support for per policy rule template > >>>>> formats"? > >>>> > >>>> Sounds good to me. Could you also add an Inspired-By: Roberto Sassu > >>>> <roberto.sassu@xxxxxxxxxx> ? > >>> > >>> Thanks, done. > >> > >> Thanks Matthew. > >> > >> If the patch it is not merged yet, please define and initialize the > >> template_name variable in ima_policy_show() as the same as in > >> ima_measurement_show(). > > > > The policy rule processing should prevent loading a custom policy with > > a template rule, without specifying a valid template name. Why does > > ima_policy_show() need to initialize entry->template->name? > > The last element of builtin_templates is reserved for a custom format > that can be specified with the ima_template_fmt= kernel option. This > last element has name length equal to zero. It can be found by > lookup_template_desc() if specified in a policy rule. Right, so that would be added with the per policy rule template fields support. Mimi
