Re: [PATCH v1 - RFC] ima: export the measurement list when needed

On Sat, 2019-12-21 at 12:41 +0200, Janne Karhunen wrote:
> On Fri, Dec 20, 2019 at 4:04 PM Mimi Zohar <zohar@xxxxxxxxxxxxx>
> wrote:
> 
> > Should the kernel be involved in writing the IMA measurement list
> > to a
> > file or, as Dave suggested, this should be delegated to a userspace
> > application?
> 
> That is a good question. I went this way as it did not feel right to
> me that the kernel would depend on periodic, reliable userspace
> functionality to stay running (we would have a circular dependency).
> The thing is, once the kernel starts to run low on memory, it may
> kill
> that periodic daemon flushing the data for reasons unrelated to IMA.
> 

I'm happy with either way (kernel writing, or userspace reading) the
data, but with the v1 patch, there is no way for userspace to force
that the list be flushed - it only flushes on full. I think it is
important for userspace to be able to trigger a flush, such as just
prior to a kexec, or prior to an attestation.

Perhaps you could simply remove the length test in ima_export_list(),
and export anytime the filename is provided? This could simplify
attestation clients, which could ask for different files each time
(list.1, list.2...), for automatic log maintenance. Since the template
format does not have sequence numbers, this would also help keep
track which records have already been seen.

dave
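Added example, not part of the patch or of anyone's mail in this thread: a small Python client-side parser for the binary measurement-list layout IMA exposes (per record: u32 PCR index, 20-byte SHA-1 template digest, u32 name length, template name, u32 data length, template data; host byte order assumed little-endian here), fed with constructed `ima-ng` records. It replays the template digests into a simulated PCR and counts records across rotated exports (list.1, list.2...), which is the bookkeeping a client needs because the records themselves carry no sequence number.

```python
import hashlib
import struct

def ima_ng_data(file_hash_hex, path):
    # Template data for 'ima-ng': d-ng = "<algo>:\0" + file digest, n-ng = path + NUL,
    # each preceded by its u32 length (layout as in ima_template_lib.c).
    d = b"sha256:\0" + bytes.fromhex(file_hash_hex)
    n = path.encode() + b"\0"
    return struct.pack("<I", len(d)) + d + struct.pack("<I", len(n)) + n

def build_record(pcr, tmpl_name, tmpl_data):
    # One binary_runtime_measurements entry; the template digest is SHA-1 of
    # the template data and is the value the kernel extended into the TPM PCR.
    tdigest = hashlib.sha1(tmpl_data).digest()
    return (struct.pack("<I", pcr) + tdigest
            + struct.pack("<I", len(tmpl_name)) + tmpl_name
            + struct.pack("<I", len(tmpl_data)) + tmpl_data)

def parse_measurement_list(blob):
    # Walk an exported list record by record, re-checking each template digest.
    recs, off = [], 0
    while off < len(blob):
        pcr, = struct.unpack_from("<I", blob, off); off += 4
        tdigest = blob[off:off + 20]; off += 20
        nlen, = struct.unpack_from("<I", blob, off); off += 4
        name = blob[off:off + nlen].decode(); off += nlen
        dlen, = struct.unpack_from("<I", blob, off); off += 4
        data = blob[off:off + dlen]; off += dlen
        if hashlib.sha1(data).digest() != tdigest:
            raise ValueError("template digest mismatch at record %d" % len(recs))
        recs.append((pcr, tdigest, name, data))
    return recs

def replay_pcr(records, pcr=bytes(20)):
    # Extend a simulated SHA-1 PCR exactly as the TPM did: pcr = SHA1(pcr || digest).
    for _, tdigest, _, _ in records:
        pcr = hashlib.sha1(pcr + tdigest).digest()
    return pcr

def consume_exports(export_blobs):
    # Attestation-client side: process rotated export files in order. Records
    # carry no sequence number, so "already seen" is tracked by position (count
    # per file), never by content: a repeated identical record is legitimate.
    seen, pcr = 0, bytes(20)
    for blob in export_blobs:
        recs = parse_measurement_list(blob)
        pcr = replay_pcr(recs, pcr)
        seen += len(recs)
    return seen, pcr.hex()

# Constructed sample exports (not real measurements): list.1, then list.2.
LIST_1 = (build_record(10, b"ima-ng", ima_ng_data("aa" * 32, "boot_aggregate"))
          + build_record(10, b"ima-ng", ima_ng_data("bb" * 32, "/usr/bin/attest")))
LIST_2 = build_record(10, b"ima-ng", ima_ng_data("bb" * 32, "/usr/bin/attest"))
```

Replaying list.1 then list.2 yields the same record count and PCR value as replaying one concatenated list, so a client can verify against the TPM quote across rotated files without any per-record sequence number.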




