On Fri, 2020-07-24 at 15:18 +0200, Petr Vorel wrote: > > > Other than the policy "action" - measure/dont_measure, > > audit/dont_audit, appraise/dont_appraise - being the first keyword, > > the ordering of the policy options and flags is flexible. Most > > policies do provide the "func" option immediately following the > > "action". This would normally work. > OK, is this correct? > if ! grep '^measure.*func=KEXEC_CMDLINE' $IMA_POLICY >/dev/null; then Yes, that works. > > @Mimi, @Lachlan: if you both ack my changes, I can fix the code before merging. That's fine. Feel free to add my Reviewed-by. Mimi > If there are more changes needed and thus Lachlan plan new version, please use > my patches from https://patchwork.ozlabs.org/project/ltp/list/?series=191990&state=* > (download https://patchwork.ozlabs.org/series/191990/mbox/ and import it with "git am") > or clone my github fork and use kexec.v3.fixes branch: > https://github.com/pevik/ltp/tree/ima/kexec.v3.fixes).
