From: Dmitry Kasatkin <d.kasatkin@samsung.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Roberto Sassu <roberto.sassu@polito.it>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-ima-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [Linux-ima-devel] [PATCH v2 3/4] ima: check appraisal flag in the ima_file_free() hook
Date: Thu, 02 Oct 2014 16:12:43 +0300
Message-ID: <542D4F4B.90400@samsung.com>
In-Reply-To: <1412255026.15991.32.camel@dhcp-9-2-203-236.watson.ibm.com>

On 02/10/14 16:03, Mimi Zohar wrote:
>> Ok, thanks.
>> >
>> > Acked-by: Roberto Sassu <roberto.sassu@polito.it>
>> >
>> > Roberto Sassu
> Thanks, Dmitry, Roberto. The patch and update description looks good.
> Please post the updated patch inline here on the mailing list.
>
> thanks,
>
> Mimi
>
>

Mimi, the patch is the same as what I posted at 9:21 GMT and what Roberto acked.
The patch description is updated based on Roberto's and your comments.

ima: check ima_policy_flag in the ima_file_free() hook

This patch completes the switching to the 'ima_policy_flag' variable
in the checks at the beginning of IMA functions, starting with the
commit a756024e.

Checking 'iint_initialized' is completely unnecessary, because
S_IMA flag is unset if iint was not allocated. At the same time
the integrity cache is allocated with SLAB_PANIC and the kernel will
panic if the allocation fails during kernel initialization. So on
a running system iint_initialized is always true and can be removed.

Changes in v3:
* not limiting test to IMA_APPRAISE (spotted by Roberto Sassu)

Changes in v2:
* 'iint_initialized' removal patch merged to this patch (requested
  by Mimi)

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>