On Sat, Dec 21, 2019 at 12:41 PM Janne Karhunen <janne.karhunen@xxxxxxxxx> wrote: > > Should the kernel be involved in writing the IMA measurement list to a > > file or, as Dave suggested, this should be delegated to a userspace > > application? > > That is a good question. I went this way as it did not feel right to > me that the kernel would depend on periodic, reliable userspace > functionality to stay running (we would have a circular dependency). > The thing is, once the kernel starts to run low on memory, it may kill > that periodic daemon flushing the data for reasons unrelated to IMA. Besides the dependency, I think the requirement should be that we can survive the basic test of 'while true; do touch $RANDOM; done' at least until we run out of allocated diskspace. While arranging this with userspace flushers is not impossible, it is order of magnitude more complex to do correctly than just letting the kernel write the file. Even if it feels somewhat unorthodox. Above patch survives that test case with 3 line addition via a workqueue. Once the admin points IMA to some mount, the above test case (while loop creating files full speed) will run a long, long time. Effectively this is really just kernel doing its own memory management as it should. Flush out the dirty pages you do not really need to stay running. -- Janne
