Re: [PATCH v13 26/25] Audit: Multiple LSM support in audit rules
On 1/9/2020 8:33 AM, Mimi Zohar wrote:
Hi Casey,
On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> With multiple possible security modules supporting audit rule
> it is necessary to keep separate data for each module in the
> audit rules. This affects IMA as well, as it re-uses the audit
> rule list mechanisms.
While reviewing this patch, I realized there was a bug in the base IMA
code. With Janne's bug fix, that he just posted, I think this patch
can now be simplified.
How and when do you plan to get Janne's fix in? It's looking like
stacking won't be in for 5.6.
My main concern is the number of warning messages that will be
generated. Any time a new LSM policy is loaded, the labels will be
re-evaulated whether or not they are applicable to the particular LSM,
causing unnecessary warnings.
Uhg.
Mimi