On Mon, 2015-06-01 at 14:02 +0000, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Jun 01, 2015 at 08:57:57AM -0400, Mimi Zohar wrote: > > The original systemd IMA module loaded the IMA policy by mmaping the > > file into memory and then writing the entire file to > > <securityfs>/ima/policy. By changing this behavior of writing the > > entire file, commit 4dfb18922d5d "ima-setup: simplify" broke IMA > > policy loading. > > > > Please revert commit 4dfb18922d5d1efb13ee459cbf23832277f85ed7 and the > > related hunk from commit 7430ec6ac08f2c0416d9f806964c46b30f3862b2. > I'm pretty sure that whether the input file was mmaped or read using > read() cannot influence the rresult.The difference must come from the > way that the output file is written. Current code also eventually calls > loop_write, except that it writes in chunks of COPY_BUFFER_SIZE (16*1024). > Previous code tried to write everything in one go. Does the output > file have to be written using one write() call?
Yes! Mimi _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel