On Thu, 2021-01-14 at 11:44 -0500, Mimi Zohar wrote: > [Cc'ing Sasha] > > Hi Lakshmi, > > On Thu, 2021-01-14 at 08:22 -0800, Lakshmi Ramasubramanian wrote: > > On 1/13/21 6:49 PM, Mimi Zohar wrote: > > > >>> Lakshmi is trying to address the situation where an event changes a > > >>> value, but then is restored to the original value. The original and > > >>> subsequent events are measured, but restoring to the original value > > >>> isn't re-measured. This isn't any different than when a file is > > >>> modified and then reverted. > > >>> > > >>> Instead of changing the name like this, which doesn't work for files, > > >>> allowing duplicate measurements should be generic, based on policy. > > >> > > >> Perhaps it is just the end of the day and I'm a bit tired, but I just > > >> read all of the above and I have no idea what your current thoughts > > >> are regarding this patch. > > > > > > Other than appending the timestamp, which is a hack, the patch is fine. > > > Support for re-measuring an event can be upstreamed independently. > > > > > > > Thanks for clarifying the details related to duplicate measurement > > detection and re-measuring. > > > > I will keep the timestamp for the time being, even though its a hack, as > > it helps with re-measuring state changes in SELinux. We will add support > > for "policy driven" re-measurement as a subsequent patch series. > > Once including the timestamp is upstreamed, removing it will be > difficult, especially if different userspace applications are dependent > on it. Unless everyone is on board that removing the timestamp > wouldn't be considered a regression, it cannot be upstreamed.
Feel free to just re-post just this one patch. Otherwise the patch set looks good. thanks, Mimi
