From: Mimi Z. <zo...@li...> - 2014-09-12 16:34:43
On Fri, 2014-09-12 at 18:25 +0200, Roberto Sassu wrote:
> On 09/12/2014 06:21 PM, Dmitry Kasatkin wrote:
> > On 12/09/14 19:12, Roberto Sassu wrote:
> >> On 09/12/2014 06:06 PM, Dmitry Kasatkin wrote:
> > ima_update_policy_flag() is called from 2 places.
> >
> > 1. from ima_init_policy
> > so you set ima_policy_flag.
> >
> > But it is not completion of ima_init() initcall..
> > So it might be so that ima_initialized will not be set but you already
> > set policy flag...
> >
> > So just move ima_update_policy_flag from ima_init_policy to ima_init...
> >
> > 2. from ima_update_policy..
> > here you have ima_initialized set or not..
> > so you can clear the policy flag or not to update policy at all...
> >
> >
> > Hope it is clear..
> >
>
> Ok, thanks. ima_policy_flag should be dependent on ima_initialized.
> But I think it is safe to keep the two information separated:
> ima_initialized tells the current state of IMA and ima_policy_flag
> tells the content of the policy.
>
> ima_initialized should not be tested (I declared it as static).
> In place of this check, just call ima_enabled(). Is it not sufficient?

As discussed, there's no need for ima_enabled().

Mimi