Re: [PATCH v2 1/4] ima: added policy support for 'security.ima' type

2013-01-31 Thread Vivek Goyal
On Thu, Jan 31, 2013 at 02:25:11PM -0500, Mimi Zohar wrote: [..] > With the following patches, which James pulled earlier this week, each > hook can have a different appraise status. > > 5a73fcf ima: differentiate appraise status only for hook specific rules > d79d72e ima: per hook cache integrit

Re: [PATCH v2 1/4] ima: added policy support for 'security.ima' type

2013-01-31 Thread Mimi Zohar
On Thu, 2013-01-31 at 13:41 -0500, Vivek Goyal wrote: > On Wed, Jan 30, 2013 at 05:42:39PM -0500, Mimi Zohar wrote: > > On Wed, 2013-01-30 at 16:53 -0500, Vivek Goyal wrote: > > > On Tue, Jan 22, 2013 at 05:07:31PM -0500, Mimi Zohar wrote: > > > > > > [..] > > > > /* iint cache flags */ > > > > +

Re: [PATCH v2 1/4] ima: added policy support for 'security.ima' type

2013-01-31 Thread Vivek Goyal
On Wed, Jan 30, 2013 at 05:42:39PM -0500, Mimi Zohar wrote: > On Wed, 2013-01-30 at 16:53 -0500, Vivek Goyal wrote: > > On Tue, Jan 22, 2013 at 05:07:31PM -0500, Mimi Zohar wrote: > > > > [..] > > > /* iint cache flags */ > > > +#define IMA_ACTION_FLAGS 0xff00 > > > #define IMA_DIGSIG

Re: [PATCH v2 1/4] ima: added policy support for 'security.ima' type

2013-01-30 Thread Mimi Zohar
On Wed, 2013-01-30 at 16:53 -0500, Vivek Goyal wrote: > On Tue, Jan 22, 2013 at 05:07:31PM -0500, Mimi Zohar wrote: > > [..] > > /* iint cache flags */ > > +#define IMA_ACTION_FLAGS 0xff00 > > #define IMA_DIGSIG 0x0100 > > +#define IMA_DIGSIG_REQUIRED0x0200 > > Hi Mimi, > > I

Re: [PATCH v2 1/4] ima: added policy support for 'security.ima' type

2013-01-30 Thread Vivek Goyal
On Tue, Jan 22, 2013 at 05:07:31PM -0500, Mimi Zohar wrote: [..] > /* iint cache flags */ > +#define IMA_ACTION_FLAGS 0xff00 > #define IMA_DIGSIG 0x0100 > +#define IMA_DIGSIG_REQUIRED 0x0200 Hi Mimi, IMA_DIGSIG_REQUIRED state does not really have to be stored in iint I guess. Th