On Tue, 2025-09-30 at 16:11 -0400, Paul Moore wrote:
> On Tue, Sep 16, 2025 at 6:14 PM Paul Moore <[email protected]> wrote:
> > 
> > From: Roberto Sassu <[email protected]>
> > 
> > This patch converts IMA and EVM to use the LSM framework's initcall
> > mechanism. It moved the integrity_fs_init() call to ima_fs_init() and
> > evm_init_secfs(), to work around the fact that there is no "integrity" LSM,
> > and introduced integrity_fs_fini() to remove the integrity directory, if
> > empty. Both integrity_fs_init() and integrity_fs_fini() support the
> > scenario of being called by both the IMA and EVM LSMs.
> > 
> > This patch does not touch any of the platform certificate code that
> > lives under the security/integrity/platform_certs directory as the
> > IMA/EVM developers would prefer to address that in a future patchset.
> > 
> > Signed-off-by: Roberto Sassu <[email protected]>
> > [PM: adjust description as discussed over email]
> > Signed-off-by: Paul Moore <[email protected]>
> > ---
> >  security/integrity/evm/evm_main.c  |  3 +--
> >  security/integrity/evm/evm_secfs.c | 11 +++++++++--
> >  security/integrity/iint.c          | 14 ++++++++++++--
> >  security/integrity/ima/ima_fs.c    | 11 +++++++++--
> >  security/integrity/ima/ima_main.c  |  4 ++--
> >  security/integrity/integrity.h     |  2 ++
> >  6 files changed, 35 insertions(+), 10 deletions(-)
> 
> I appreciate you reviewing most (all?) of the other patches in this
> patchset, but any chance you could review the IMA/EVM from Roberto?
> This is the only patch that really needs your review ...

I've already reviewed the patch, just not Acked it yet.  I'll hopefully get to
testing it later this week or next week.

Mimi

