On Wed, Oct 1, 2025 at 1:04 PM Mimi Zohar <[email protected]> wrote: > On Tue, 2025-09-30 at 16:11 -0400, Paul Moore wrote: > > On Tue, Sep 16, 2025 at 6:14 PM Paul Moore <[email protected]> wrote: > > > > > > From: Roberto Sassu <[email protected]> > > > > > > This patch converts IMA and EVM to use the LSM frameworks's initcall > > > mechanism. It moved the integrity_fs_init() call to ima_fs_init() and > > > evm_init_secfs(), to work around the fact that there is no "integrity" > > > LSM, > > > and introduced integrity_fs_fini() to remove the integrity directory, if > > > empty. Both integrity_fs_init() and integrity_fs_fini() support the > > > scenario of being called by both the IMA and EVM LSMs. > > > > > > This patch does not touch any of the platform certificate code that > > > lives under the security/integrity/platform_certs directory as the > > > IMA/EVM developers would prefer to address that in a future patchset. > > > > > > Signed-off-by: Roberto Sassu <[email protected]> > > > [PM: adjust description as discussed over email] > > > Signed-off-by: Paul Moore <[email protected]> > > > --- > > > security/integrity/evm/evm_main.c | 3 +-- > > > security/integrity/evm/evm_secfs.c | 11 +++++++++-- > > > security/integrity/iint.c | 14 ++++++++++++-- > > > security/integrity/ima/ima_fs.c | 11 +++++++++-- > > > security/integrity/ima/ima_main.c | 4 ++-- > > > security/integrity/integrity.h | 2 ++ > > > 6 files changed, 35 insertions(+), 10 deletions(-) > > > > I appreciate you reviewing most (all?) of the other patches in this > > patchset, but any chance you could review the IMA/EVM from Roberto? > > This is the only patch that really needs your review ... > > I've already reviewed the patch, just not Acked it yet. I'll hopefully get to > testing it later this week or next week.
As mentioned off-list, a review-by tag is worthless if you want me to hold it for your ACK. When I'm asking you for a review on code which you maintain, I'm asking for your go/no-go on the patch for merging; that's an ACK. -- paul-moore.com
