From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mimi Zohar
Subject: Re: [PATCH v13 26/25] Audit: Multiple LSM support in audit rules
Date: Thu, 09 Jan 2020 11:33:27 -0500
Message-ID: <1578587607.5147.63.camel@linux.ibm.com>
References: <20191224235939.7483-1-casey.ref@schaufler-ca.com> <20191224235939.7483-1-casey@schaufler-ca.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Return-path:
In-Reply-To:
Sender: owner-linux-security-module@vger.kernel.org
To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, "linux-audit@redhat.com" , linux-integrity@vger.kernel.org
List-Id: linux-audit@redhat.com

Hi Casey,

On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> With multiple possible security modules supporting audit rule
> it is necessary to keep separate data for each module in the
> audit rules. This affects IMA as well, as it re-uses the audit
> rule list mechanisms.

While reviewing this patch, I realized there was a bug in the base IMA
code. With Janne's bug fix, that he just posted, I think this patch
can now be simplified.

My main concern is the number of warning messages that will be
generated. Any time a new LSM policy is loaded, the labels will be
re-evaluated whether or not they are applicable to the particular LSM,
causing unnecessary warnings.

Mimi