From: Mimi Zohar <zohar@linux.ibm.com>
To: Roberto Sassu <roberto.sassu@huawei.com>,
Matthew Garrett <mjg59@google.com>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
prakhar srivastava <prsriva02@gmail.com>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>
Subject: Re: [PATCH V4] IMA: Allow profiles to define the desired IMA template
Date: Fri, 07 Jun 2019 07:42:07 -0400 [thread overview]
Message-ID: <1559907727.4278.222.camel@linux.ibm.com> (raw)
In-Reply-To: <b2e6f9c5-792c-8205-956d-468d059ea296@huawei.com>
On Fri, 2019-06-07 at 08:46 +0200, Roberto Sassu wrote:
> On 6/7/2019 12:45 AM, Mimi Zohar wrote:
> > On Thu, 2019-06-06 at 10:09 +0200, Roberto Sassu wrote:
> >> On 6/5/2019 9:10 PM, Mimi Zohar wrote:
> >>> On Wed, 2019-06-05 at 11:12 -0700, Matthew Garrett wrote:
> >>>> On Tue, Jun 4, 2019 at 4:39 PM Mimi Zohar <zohar@linux.ibm.com> wrote:
> >>>>> Matthew, what is a "profile"? Could we rename this patch to something
> >>>>> clearer? Maybe something like "support for per policy rule template
> >>>>> formats"?
> >>>>
> >>>> Sounds good to me. Could you also add an Inspired-By: Roberto Sassu
> >>>> <roberto.sassu@huawei.com> ?
> >>>
> >>> Thanks, done.
> >>
> >> Thanks Matthew.
> >>
> >> If the patch it is not merged yet, please define and initialize the
> >> template_name variable in ima_policy_show() as the same as in
> >> ima_measurement_show().
> >
> > The policy rule processing should prevent loading a custom policy with
> > a template rule, without specifying a valid template name. Why does
> > ima_policy_show() need to initialize entry->template->name?
>
> The last element of builtin_templates is reserved for a custom format
> that can be specified with the ima_template_fmt= kernel option. This
> last element has name length equal to zero. It can be found by
> lookup_template_desc() if specified in a policy rule.
Right, so that would be added with the per policy rule template fields
support.
Mimi
next prev parent reply other threads:[~2019-06-07 11:42 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-04 20:38 [PATCH V4] IMA: Allow profiles to define the desired IMA template Matthew Garrett
2019-06-04 23:38 ` Mimi Zohar
2019-06-05 18:12 ` Matthew Garrett
2019-06-05 19:10 ` Mimi Zohar
2019-06-06 8:09 ` Roberto Sassu
2019-06-06 22:45 ` Mimi Zohar
2019-06-07 6:46 ` Roberto Sassu
2019-06-07 11:42 ` Mimi Zohar [this message]
2019-06-06 8:11 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1559907727.4278.222.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=bauerman@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=mjg59@google.com \
--cc=prsriva02@gmail.com \
--cc=roberto.sassu@huawei.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.