Re: [PATCH v13 26/25] Audit: Multiple LSM support in audit rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Casey,

On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> With multiple possible security modules supporting audit rule
> it is necessary to keep separate data for each module in the
> audit rules. This affects IMA as well, as it re-uses the audit
> rule list mechanisms.

While reviewing this patch, I realized there was a bug in the base IMA
code.  With Janne's bug fix, that he just posted, I think this patch
can now be simplified.

My main concern is the number of warning messages that will be
generated.  Any time a new LSM policy is loaded, the labels will be
re-evaulated whether or not they are applicable to the particular LSM,
causing unnecessary warnings.

Mimi




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux