[PATCH v4 0/2] ima: Handle -ESTALE returned by ima_filter_rule_match()

IMA happens to measure extra files if LSM based rules are specified and
the corresponding LSM is updating its policy.

The root cause is explained in the second patch.

GUO Zihua (2):
  ima: Simplify ima_lsm_copy_rule
  ima: Handle -ESTALE returned by ima_filter_rule_match()

 security/integrity/ima/ima_policy.c | 38 +++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 10 deletions(-)

---

v4:
  Use a temporary rule instead of updating the rule in place. To do that,
also update ima_lsm_copy_rule so we can make use of it.

v3:
  Update current rule instead of just retrying, as suggested by Mimi

v2:
  Fixes message errors pointed out by Mimi

-- 
2.17.1



