On Sun, 2025-09-07 at 21:08 -0400, Paul Moore wrote:
> On Sun, Sep 7, 2025 at 5:18 PM Mimi Zohar <[email protected]> wrote:
> > 
> > On Tue, 2025-09-02 at 14:54 +0200, Roberto Sassu wrote:
> > > From: Paul Moore <[email protected]>
> > 
> > Remove above ...
> > 
> > > 
> > > This patch converts IMA and EVM to use the LSM framework's initcall
> > > mechanism. It moved the integrity_fs_init() call to ima_fs_init() and
> > > evm_init_secfs(), to work around the fact that there is no "integrity" LSM,
> > > and introduced integrity_fs_fini() to remove the integrity directory, if
> > > empty. Both integrity_fs_init() and integrity_fs_fini() support the
> > > scenario of being called by both the IMA and EVM LSMs.
> > > 
> > > It is worth mentioning that this patch does not touch any of the
> > > "platform certs" code that lives in the security/integrity/platform_certs
> > > directory as the IMA/EVM maintainers have assured me that this code is
> > > unrelated to IMA/EVM, despite the location, and will be moved to a more
> > 
> > This wording "unrelated to IMA/EVM" was taken from Paul's patch description,
> > but needs to be tweaked.  Please refer to my comment on Paul's patch.
> 
> Mimi, Roberto, would both of you be okay if I changed the second
> paragraph to read as follows:
> 
> "This patch does not touch any of the platform certificate code that
> lives under the security/integrity/platform_certs directory as the
> IMA/EVM developers would prefer to address that in a future patchset."

That's fine.

> 
> > > relevant subsystem in the future.
> > > 
> > > Signed-off-by: Roberto Sassu <[email protected]>
> > 
> > Reviewed-by: Mimi Zohar <[email protected]>, but not yet tested.
> 

