From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mimi Zohar
Subject: Re: [PATCH v13 26/25] Audit: Multiple LSM support in audit rules
Date: Sun, 12 Jan 2020 10:37:10 -0500
Message-ID: <1578843430.4546.45.camel@linux.ibm.com>
References: <20191224235939.7483-1-casey.ref@schaufler-ca.com> <20191224235939.7483-1-casey@schaufler-ca.com> <1578587607.5147.63.camel@linux.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Return-path:
In-Reply-To:
Sender: owner-linux-security-module@vger.kernel.org
To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, "linux-audit@redhat.com" , linux-integrity@vger.kernel.org
List-Id: linux-audit@redhat.com

On Fri, 2020-01-10 at 11:40 -0800, Casey Schaufler wrote:
> On 1/9/2020 8:33 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> >> With multiple possible security modules supporting audit rule
> >> it is necessary to keep separate data for each module in the
> >> audit rules. This affects IMA as well, as it re-uses the audit
> >> rule list mechanisms.
> > While reviewing this patch, I realized there was a bug in the base IMA
> > code. With Janne's bug fix, that he just posted, I think this patch
> > can now be simplified.
>
> How and when do you plan to get Janne's fix in? It's looking like
> stacking won't be in for 5.6.

The patch is now in the next-integrity-testing branch. We'll see how
it goes.

>
> > My main concern is the number of warning messages that will be
> > generated. Any time a new LSM policy is loaded, the labels will be
> > re-evaluated whether or not they are applicable to the particular LSM,
> > causing unnecessary warnings.
>
> Uhg.