On Fri, Dec 20, 2019 at 9:49 AM Janne Karhunen <janne.karhunen@xxxxxxxxx> wrote:

> Some systems can end up carrying lots of entries in the ima
> measurement list. Since every entry is using a bit of kernel
> memory, add a new Kconfig variable to allow the sysadmin to
> define the maximum measurement list size and the location
> of the exported list.

This patch now passes some basic test runs and looks to me like it's doing things correctly, if others are willing to give it a spin. My basic test case for this is a simple bash for loop, creating thousands of files and using this trigger to free the list.

Once we have the workqueue, the list free job should probably be triggered from ima_store_measurement() when the htable length says so. This way the list will always stay truncated to the right size and no one has to poll.

When it comes to the oddity that the kernel is creating files, the facts are: 1) the data cannot be kept in memory forever, 2) the data cannot be thrown away. So, what are the options? I didn't see any other obvious way. Luckily there was a ready API for the job.

--
Janne