On Mon, 2025-09-08 at 17:04 -0400, Paul Moore wrote:
> On Sun, Sep 7, 2025 at 10:46 PM Mimi Zohar <zo...@linux.ibm.com> wrote:
> > On Sun, 2025-09-07 at 21:08 -0400, Paul Moore wrote:
> > > On Sun, Sep 7, 2025 at 5:18 PM Mimi Zohar <zo...@linux.ibm.com> wrote:
> > > > On Tue, 2025-09-02 at 14:54 +0200, Roberto Sassu wrote:
> > > > > From: Paul Moore <p...@paul-moore.com>
> > > >
> > > > Remove above ...
> > > >
> > > > >
> > > > > This patch converts IMA and EVM to use the LSM framework's initcall
> > > > > mechanism. It moved the integrity_fs_init() call to ima_fs_init() and
> > > > > evm_init_secfs(), to work around the fact that there is no
> > > > > "integrity" LSM, and introduced integrity_fs_fini() to remove the
> > > > > integrity directory, if empty. Both integrity_fs_init() and
> > > > > integrity_fs_fini() support the scenario of being called by both the
> > > > > IMA and EVM LSMs.
> > > > >
> > > > > It is worth mentioning that this patch does not touch any of the
> > > > > "platform certs" code that lives in the
> > > > > security/integrity/platform_certs directory as the IMA/EVM
> > > > > maintainers have assured me that this code is unrelated to IMA/EVM,
> > > > > despite the location, and will be moved to a more
> > > >
> > > > This wording "unrelated to IMA/EVM" was taken from Paul's patch
> > > > description, but needs to be tweaked. Please refer to my comment on
> > > > Paul's patch.
> > >
> > > Mimi, Roberto, would both of you be okay if I changed the second
> > > paragraph to read as follows:
> > >
> > > "This patch does not touch any of the platform certificate code that
> > > lives under the security/integrity/platform_certs directory as the
> > > IMA/EVM developers would prefer to address that in a future patchset."
> >
> > That's fine.
>
> Roberto, is it okay if I update your patch with the text above and use
> it to replace my IMA/EVM patch in the LSM init patchset? I'll retain
> your From/Sign-off of course.

Yes, absolutely!

Roberto