On Tue, Sep 2, 2025 at 8:59 AM Roberto Sassu <roberto.sa...@huaweicloud.com> wrote:
>
> From: Paul Moore <p...@paul-moore.com>

We should obviously drop the 'From:' line above ;)

> This patch converts IMA and EVM to use the LSM framework's initcall
> mechanism. It moved the integrity_fs_init() call to ima_fs_init() and
> evm_init_secfs(), to work around the fact that there is no "integrity" LSM,
> and introduced integrity_fs_fini() to remove the integrity directory, if
> empty. Both integrity_fs_init() and integrity_fs_fini() support the
> scenario of being called by both the IMA and EVM LSMs.
>
> It is worth mentioning that this patch does not touch any of the
> "platform certs" code that lives in the security/integrity/platform_certs
> directory as the IMA/EVM maintainers have assured me that this code is
> unrelated to IMA/EVM, despite the location, and will be moved to a more
> relevant subsystem in the future.
>
> Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
> ---
>  security/integrity/evm/evm_main.c  |  3 +--
>  security/integrity/evm/evm_secfs.c | 11 +++++++++--
>  security/integrity/iint.c          | 14 ++++++++++++--
>  security/integrity/ima/ima_fs.c    | 11 +++++++++--
>  security/integrity/ima/ima_main.c  |  4 ++--
>  security/integrity/integrity.h     |  2 ++
>  6 files changed, 35 insertions(+), 10 deletions(-)

I'm happy to replace my patch with this one, would you like me to wait
on an ACK from Mimi, or are you okay if I go ahead with this patch?

(As an aside, I'm still not entirely clear if I should wait on ACKs
from both you and Mimi on IMA/EVM changes, or if one of the two of you
is sufficient? I'm happy to follow whatever approach the two of you
would prefer, but I don't know what that is ;) ... )

--
paul-moore.com