Each time a file in policy, that is already opened for write, is opened for read, an open-writers integrity violation audit message is emitted and a violation record is added to the IMA measurement list, even if an open-writers violation has already been recorded.

Similarly, each time a file in policy, that is already opened for read, is opened for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation audit message is emitted and a violation record is added to the IMA measurement list, even if a ToMToU violation has already been recorded.

Minimize the violations in the audit log and the IMA measurement list.

Mimi Zohar (2):
  ima: limit the number of open-writers integrity violations
  ima: limit the number of ToMToU integrity violations

 security/integrity/ima/ima.h      |  1 +
 security/integrity/ima/ima_main.c | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

--
2.48.1