Linux-Integrity Archive on
 help / color / Atom feed
From: Mimi Zohar <>
To: Tyler Hicks <>,
	Dmitry Kasatkin <>
Cc: James Morris <>,
	"Serge E . Hallyn" <>,,,,
	Casey Schaufler <>,
Subject: Re: [PATCH] ima: Rename internal audit rule functions
Date: Mon, 29 Jun 2020 17:30:03 -0400
Message-ID: <> (raw)
In-Reply-To: <>

[Cc'ing the audit mailing list]

On Mon, 2020-06-29 at 10:30 -0500, Tyler Hicks wrote:
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index ff2bf57ff0c7..5d62ee8319f4 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -419,24 +419,24 @@ static inline void ima_free_modsig(struct modsig *modsig)
>  /* LSM based policy rules require audit */
> -#define security_filter_rule_init security_audit_rule_init
> -#define security_filter_rule_free security_audit_rule_free
> -#define security_filter_rule_match security_audit_rule_match
> +#define ima_audit_rule_init security_audit_rule_init
> +#define ima_audit_rule_free security_audit_rule_free
> +#define ima_audit_rule_match security_audit_rule_match

Instead of defining an entirely new method of identifying files, IMA
piggybacks on top of the existing audit rule syntax.  IMA policy rules
"filter" based on this information.

IMA already audits security/integrity related events.  Using the word
"audit" here will make things even more confusing than they currently
are.  Renaming these functions as ima_audit_rule_XXX provides no
benefit.  At that point, IMA might as well call the
security_audit_rule prefixed function names directly.  As a quick fix,
rename them as "ima_filter_rule".

The correct solution would probably be to rename these prefixed
"security_audit_rule" functions as "security_filter_rule", so that
both the audit subsystem and IMA could use them.


      parent reply index

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-29 15:30 Tyler Hicks
2020-06-29 16:24 ` Casey Schaufler
2020-06-29 21:30 ` Mimi Zohar [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on

Archives are clonable:
	git clone --mirror linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ \
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone