On Fri, 2020-01-10 at 11:40 -0800, Casey Schaufler wrote: > On 1/9/2020 8:33 AM, Mimi Zohar wrote: > > Hi Casey, > > > > On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote: > >> With multiple possible security modules supporting audit rule > >> it is necessary to keep separate data for each module in the > >> audit rules. This affects IMA as well, as it re-uses the audit > >> rule list mechanisms. > > While reviewing this patch, I realized there was a bug in the base IMA > > code. With Janne's bug fix, that he just posted, I think this patch > > can now be simplified. > > How and when do you plan to get Janne's fix in? It's looking like > stacking won't be in for 5.6. The patch is now in the next-integrity-testing branch. We'll see how it goes. > > > My main concern is the number of warning messages that will be > > generated. Any time a new LSM policy is loaded, the labels will be > > re-evaulated whether or not they are applicable to the particular LSM, > > causing unnecessary warnings. > > Uhg.
