Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > This kernel_is_locked_down() check is being called for both the > original and new module_load syscalls. We need to be able > differentiate them. This is fine for the original syscall, but for > the new syscall we would need an additional IMA check - > !is_ima_appraise_enabled().
IMA can only be used with finit_module()? David
