From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Petr Vorel <pvorel@suse.cz>, linux-integrity@vger.kernel.org
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Subject: Re: [PATCH v2 0/2] ima: Fallback to the builtin hash algorithm
Date: Thu, 22 Mar 2018 15:38:55 -0400 [thread overview]
Message-ID: <1521747535.3848.273.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180322144313.28748-1-pvorel@suse.cz>
On Thu, 2018-03-22 at 15:43 +0100, Petr Vorel wrote:
> Hello Mimi,
>
> Changes v1->v2:
> * Move loading buildin hash algorithm to ima_init_crypto() (as requested)
> * Add crypto_alloc_shash() (DRY)
>
> [1]:
> > The first call to ima_init() emits an error, but we continue without
> > any further messages. If the change was in ima_init_crypto(), the
> > error message could indicate the resolution.
> I cannot say I like v2 as change in ima_init_crypto() requires more
> changes due updating ima_hash_algo. IMHO v1 with added simple error
> message would be better. I probably didn't understand what exactly you
> wanted to log in ima_init_crypto(). Am I missing something?
Agreed, the previous version was simpler/better. My complaint with
the previous version was that there was an error message, but
continued without any indication of how it was resolved. Changing the
message in ima_init_crypto() is one solution, but adding an additional
message works too. Would this work for you?
@@ -73,6 +73,8 @@ int __init ima_init_crypto(void)
hash_algo_name[ima_hash_algo], rc);
return rc;
}
+ pr_info("Allocated default hash algorithm: %s\n",
+ hash_algo_name[ima_hash_algo]);
return 0;
}
Mimi
> If you like this version, you may want to squash it into single commit.
>
> Kind regards,
> Petr
>
> [1]: https://marc.info/?l=linux-integrity&m=152155002608419&w=2
>
> Petr Vorel (2):
> ima: Introduce ima_alloc_alg() to reduce duplicity
> ima: Fallback to the builtin hash algorithm
>
> security/integrity/ima/ima.h | 1 +
> security/integrity/ima/ima_crypto.c | 58 +++++++++++++++++++++++++++----------
> security/integrity/ima/ima_main.c | 26 ++---------------
> 3 files changed, 47 insertions(+), 38 deletions(-)
>
next prev parent reply other threads:[~2018-03-22 19:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-22 14:43 [PATCH v2 0/2] ima: Fallback to the builtin hash algorithm Petr Vorel
2018-03-22 14:43 ` [PATCH v2 1/2] ima: Introduce ima_alloc_alg() to reduce duplicity Petr Vorel
2018-03-22 14:43 ` [PATCH v2 2/2] ima: Fallback to the builtin hash algorithm Petr Vorel
2018-03-22 19:38 ` Mimi Zohar [this message]
2018-03-23 10:54 ` [PATCH v2 0/2] " Petr Vorel
2018-03-23 13:25 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1521747535.3848.273.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=pvorel@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.