On Wed, 2022-11-02 at 09:42 +0800, Guozihua (Scott) wrote: > > As I only see an IMA measurement policy rule being loaded for > > "unlabeled_t" and not "user_home_t", should I assume that an IMA > > measurement rule already exists for "user_home_t"? > > There wasn't a rule for user_home_t. These scripts demonstrate that > during a selinux policy reload, IMA would measure files that is not in > the range of it's LSM based rules. Which is the issue I am trying to fix. > > In this test, we only have one rule for measuring files of type > unlabeled_t. However, during selinux policy reload, file of user_home_t > is also measured. Thanks, Scott. After tweaking the scripts for my system, I was able to reproduce the bug. This patch set is now queued in next-integrity. -- thanks, Mimi
