On 11/11/2019 11:32 AM, Lakshmi Ramasubramanian wrote:
Hi Mimi,
Problem Statement:
Keys created or updated in the system are currently not being measured.

This change aims to address measuring keys created or updated
in the system:

=> Patches #1 through #5 update IMA policy functions to handle
   measurement of keys based on configured IMA policy.
=> Patches #6 and #7 add IMA hook for measuring keys and the call
   to the IMA hook from key_create_or_update function.
   Keys are processed immediately - no support for
   deferred processing.
=> Patches #8 through #10 add support for queuing keys if
   custom IMA policies have not been applied yet and process
   the queued keys when custom IMA policies are applied.

I was wondering if it'd be better to split this patch set into two sets:

1st set including the patches for measuring keys without queuing support
(Patches #1 through #7)

2nd set including the patches that add queuing support
(Patches #8 through #10).

thanks,
-lakshmi