Re: [PATCH v13 26/25] Audit: Multiple LSM support in audit rules
Hi Casey,
On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
With multiple possible security modules supporting audit rule
it is necessary to keep separate data for each module in the
audit rules. This affects IMA as well, as it re-uses the audit
rule list mechanisms.
While reviewing this patch, I realized there was a bug in the base IMA
code. With Janne's bug fix, that he just posted, I think this patch
can now be simplified.
My main concern is the number of warning messages that will be
generated. Any time a new LSM policy is loaded, the labels will be
re-evaulated whether or not they are applicable to the particular LSM,
causing unnecessary warnings.
Mimi