On Wed, 2019-10-23 at 07:49 -0700, Lakshmi Ramasubramanian wrote: > On 10/23/19 6:22 AM, Mimi Zohar wrote: > > Thanks for reviewing the changes Mimi. > I'll address your comments and post an updated patch set shortly. > > >> Add a new ima hook to measure keys added to builtin_trusted_keys > >> keyring. > > > > There is no IMA hook in this patch. > > > > >> + else if (strcmp(args[0].from, > >> + "BUILTIN_TRUSTED_KEYS") == 0) > >> + entry->func = BUILTIN_TRUSTED_KEYS; > >> else > >> result = -EINVAL; > >> if (!result) > > > > Any new options need to be displayed as well. > > Not that I can think of. Please correct me if I am wrong. True, since you're hard coding the policy.
