Hi Janne,

On Fri, 2020-01-10 at 10:48 +0200, Janne Karhunen wrote:
> On Wed, Jan 8, 2020 at 1:18 PM Janne Karhunen <janne.karhunen@xxxxxxxxx> wrote:
> >
> > Some systems can end up carrying lots of entries in the ima
> > measurement list. Since every entry is using a bit of kernel
> > memory, allow the sysadmin to export the measurement list to
> > the filesystem to free up some memory.
>
> Hopefully this addressed comments from everyone. The flush event can
> now be triggered by the admin anytime and unique file names can be
> used for each flush (log.1, log.2, ...) etc, so getting to the correct
> item should be easy.
>
> While it can now be argued that since this is an admin-driven event,
> kernel does not need to write the file. However, the intention is to
> bring out a second patch a bit later that adds a variable to define
> the max number of entries to be kept in the kernel memory and
> workqueue based automatic flushing. In those cases the kernel has to
> be able to write the file without any help from the admin..

I don't think it is common, and probably not acceptable, for the
kernel to open a file for writing. As exporting the binary
measurement list should be the equivalent of displaying the binary
measurement list and redirecting the output to a file, the same
mechanism used for displaying the binary measurement list should be
re-used for exporting it. Just as carrying the measurement list
across kexec re-uses the same method.

Mimi