Hi all, I have a question regard to kernel IMA module. I’ve enabled IMA on one of my Linux server with `ima=on ima_policy=tcb` everything seems working fine. The only issue is that after about a week the `/sys/kernel/security/ima/ascii_runtime_measurements` grow out of control. As for now I have about 80K items in the file. I also have a customized attestation application that compares the runtime measurements with a list of known “good” measurements. this size of runtime measurements make it substantially long to run the attestation application. Is there a way to limit the size of the `/sys/kernel/security/ima/ascii_runtime_measurements` (not ideal, since some important info might get lost) Is there a way to clean the items in `/sys/kernel/security/ima/ascii_runtime_measurements` (also not ideal, for the same reason as above) Is there a way to control which file the kernel measures (e.g., I found lot of /tmp files are measured which are not necessary) Will the kernel running out of memory? Any suggestions will be deeply appreciated! Thank you -Daniel _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
