From: Christoph Hellwig <hch@infradead.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
James Morris <jmorris@namei.org>,
Al Viro <viro@ZenIV.linux.org.uk>,
David Safford <safford@watson.ibm.com>,
Serge Hallyn <serue@linux.vnet.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH 2/6] integrity: Linux Integrity Module(LIM)
Date: Wed, 3 Dec 2008 15:25:43 -0500 [thread overview]
Message-ID: <20081203202543.GA16279@infradead.org> (raw)
In-Reply-To: <20081203201320.GA17785@hallyn.com>
On Wed, Dec 03, 2008 at 02:13:20PM -0600, Serge E. Hallyn wrote:
> > Can you explain what all this template stuff is about? The only method
> > of these ever called is display_template,
>
> I'm not sure what you mean here - must_measure for instance is used (in
> patch 3) in the integrity hooks (i.e. file_mmap) to decide whether or not
> the object (action target) must be measured.
ima_must_measure (or the other implementation bits) are called a lot.
But never through the indirection I quoted.
> > and that seems to be better
> > implented directly as a securityfs file, without the indirection.
>
> That comment doesn't make sense to me (unless you're saying to punt
> on the generic integrity infrastructure and hook all of the IMA
> code straight into the kernel) so I suspect I'm misreading
> something.
ima_measurements_show alaways calls ima_template_show, and both are
implemented inside the ima module. There's absolutely no point for the
indirection here.
next prev parent reply other threads:[~2008-12-03 20:38 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-03 20:13 [PATCH 2/6] integrity: Linux Integrity Module(LIM) Serge E. Hallyn
2008-12-03 20:25 ` Christoph Hellwig [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-12-02 21:47 [PATCH 0/6] integrity Mimi Zohar
2008-12-02 21:47 ` [PATCH 2/6] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-12-02 22:43 ` Dave Hansen
2008-12-03 18:15 ` Mimi Zohar
2008-12-03 18:25 ` Dave Hansen
2008-12-03 12:30 ` Christoph Hellwig
2008-12-03 18:18 ` Mimi Zohar
2008-12-03 18:23 ` Christoph Hellwig
2008-12-03 22:17 ` Mimi Zohar
2008-12-04 13:09 ` Christoph Hellwig
2008-12-04 19:24 ` Serge E. Hallyn
2008-12-04 20:53 ` david safford
2008-12-05 1:42 ` James Morris
2008-12-05 12:56 ` david safford
2008-12-05 15:23 ` Serge E. Hallyn
2008-12-05 17:14 ` david safford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081203202543.GA16279@infradead.org \
--to=hch@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=serge@hallyn.com \
--cc=serue@linux.vnet.ibm.com \
--cc=viro@ZenIV.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.