Re: [Linux-ima-user] CONFIG_IMA_LSM_RULES depends on CONFIG_AUDIT?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 2015-07-13 at 08:56 -0400, Mimi Zohar wrote:
> On Mon, 2015-07-13 at 14:49 +0200, Patrick Ohly wrote:
> > But why does CONFIG_IMA_LSM_RULES depend on audit support? The LSM part
> > of the policy has nothing to do with logging. I'm referring to the "&&
> > AUDIT" part in security/integrity/ima/Kconfig:
> > 
> > config IMA_LSM_RULES
> >         bool
> >         depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
> >         default y
> >         help
> >           Disabling this option will disregard LSM based policy rules.
> > 
> 
> The commit "b53fab9 ima: fix build error" patch description gives a full
> explanation.

That points in the right direction (security_audit_rule_match), thanks.

Do you have an opinion about the performance impact of CONFIG_AUDIT?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.