Re: [PATCH] IMA: Add log statements for failure conditions

On 6/5/20 1:49 PM, Paul Moore wrote: > >> Since a pr_xyz() call was already present, I just wanted to change the >> log level to keep the code change to the minimum. But if audit log is >> the right approach for this case, I'll update. > > Generally we reserve audit for things that are required for various > security certifications and/or "security relevant". From what you > mentioned above, it seems like this would fall into the second > category if not the first. > > Looking at your patch it doesn't look like you are trying to record > anything special so you may be able to use the existing > integrity_audit_msg(...) helper. Of course then the question comes > down to the audit record type (the audit_msgno argument), the > operation (op), and the comm/cause (cause). > > Do you feel that any of the existing audit record types are a good fit for this? > Maybe I can use the audit_msgno "AUDIT_INTEGRITY_PCR" with appropriate strings for "op" and "cause". Mimi - please let me know if you think this audit_msgno would be ok to use. I see this code used, for instance, for boot aggregate measurement. integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, audit_cause, result, 0);