From: Mimi Zohar <zohar@linux.ibm.com>
To: Tushar Sugandhi <tusharsu@linux.microsoft.com>,
stephen.smalley.work@gmail.com, casey@schaufler-ca.com,
gmazyland@gmail.com
Cc: tyhicks@linux.microsoft.com, sashal@kernel.org,
jmorris@namei.org, linux-integrity@vger.kernel.org,
selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, dm-devel@redhat.com,
nramas@linux.microsoft.com
Subject: Re: [PATCH 2/3] IMA: add policy to support measuring critical data from kernel components
Date: Mon, 17 Aug 2020 16:43:02 -0400 [thread overview]
Message-ID: <591b5f09c7df8ef0378866eaf3afde7a7cb4e82f.camel@linux.ibm.com> (raw)
In-Reply-To: <20200812193102.18636-3-tusharsu@linux.microsoft.com>
On Wed, 2020-08-12 at 12:31 -0700, Tushar Sugandhi wrote:
> There would be several candidate kernel components suitable for IMA
> measurement. Not all of them would be enlightened for IMA measurement.
> Also, system administrators may not want to measure data for all of
> them, even when they are enlightened for IMA measurements. An IMA policy
> specific to various kernel components is needed to measure their
> respective critical data.
>
> Add a new IMA policy CRITICAL_DATA+data_sources to support measuring
> various critical kernel components. This policy would enable the
> system administrators to limit the measurement to the components,
> if the components are enlightened for IMA measurement.
"enlightened", really? Please find a different term, maybe something
like "supported".
Before posting a patch set, please look at the patches line by line,
like anyone reviewing the code needs to do. Please minimize code
change. Unnecessary formatting changes are unacceptible. For
example, like the "#define", below, or in 3/3 the
"process_buffer_measurement()" change from void to int.
scripts/Lindent isn't as prevalent as it used to be, but it's still
included in Documentation/process/coding-style.rst. Use it as a guide.
Mimi
next prev parent reply other threads:[~2020-08-17 20:43 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-12 19:30 [PATCH 0/3] IMA: Infrastructure for measurement of critical kernel data Tushar Sugandhi
2020-08-12 19:31 ` [PATCH 1/3] IMA: generalize keyring specific measurement constructs Tushar Sugandhi
2020-08-12 19:31 ` [PATCH 2/3] IMA: add policy to support measuring critical data from kernel components Tushar Sugandhi
2020-08-17 20:43 ` Mimi Zohar [this message]
2020-08-17 22:27 ` Tushar Sugandhi
2020-08-17 23:43 ` Mimi Zohar
2020-08-17 23:45 ` Tushar Sugandhi
2020-08-12 19:31 ` [PATCH 3/3] IMA: define IMA hook to measure " Tushar Sugandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=591b5f09c7df8ef0378866eaf3afde7a7cb4e82f.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=casey@schaufler-ca.com \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=sashal@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=tusharsu@linux.microsoft.com \
--cc=tyhicks@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox