Re: [PATCH v5 1/8] ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS

From: Stefan Berger
Date: Mon Feb 14 2022 - 15:48:52 EST

Next message: Slade Watkins: "Re: [PATCH 4.19 00/49] 4.19.230-rc1 review"
Previous message: Sander Vanheule: "[PATCH v5 4/4] irqchip/realtek-rtl: use per-parent domains"
In reply to: Mimi Zohar: "[PATCH v5 1/8] ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS"
Next in thread: Mimi Zohar: "Re: [PATCH v5 1/8] ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/11/22 16:43, Mimi Zohar wrote:

Simple policy rule options, such as fowner, uid, or euid, can be checked
immediately, while other policy rule options, such as requiring a file
signature, need to be deferred.

The 'flags' field in the integrity_iint_cache struct contains the policy
action', 'subaction', and non action/subaction.

action: measure/measured, appraise/appraised, (collect)/collected,
audit/audited
subaction: appraise status for each hook (e.g. file, mmap, bprm, read,
creds)
non action/subaction: deferred policy rule options and state

Rename the IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS.

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Next message: Slade Watkins: "Re: [PATCH 4.19 00/49] 4.19.230-rc1 review"
Previous message: Sander Vanheule: "[PATCH v5 4/4] irqchip/realtek-rtl: use per-parent domains"
In reply to: Mimi Zohar: "[PATCH v5 1/8] ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS"
Next in thread: Mimi Zohar: "Re: [PATCH v5 1/8] ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]