[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 12 Dec 2020 09:34:28 -0800
From: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
To: Tyler Hicks <tyhicks@...ux.microsoft.com>
Cc: zohar@...ux.ibm.com, stephen.smalley.work@...il.com,
casey@...aufler-ca.com, agk@...hat.com, snitzer@...hat.com,
gmazyland@...il.com, paul@...l-moore.com, sashal@...nel.org,
jmorris@...ei.org, nramas@...ux.microsoft.com,
linux-integrity@...r.kernel.org, selinux@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, dm-devel@...hat.com
Subject: Re: [PATCH v8 4/8] IMA: add policy rule to measure critical data
>>>> + case CRITICAL_DATA:
>>>> + if (!rule->data_source)
>>>> + return true;
>>>> +
>>>> + opt_list = rule->data_source;
>>>> + break;
>>>
>>> I guess this case should unconditionally return true in this patch and
>>> then the include this additional logic in the next patch.
>>>
>>> Sorry, I missed these on my last review.
>>>
>> No worries.
>>
>> As I mentioned above, I kept it purposefully in this patch since
>> my impression was rule->data_source is not part of the user facing
>> policy.
>>
>> But I can simply return true here as you suggested, and move the logic to
>> the next patch.
>
> I understand the thinking that it isn't harmful in this patch but I
> think it is a bit cleaner to introduce the data_source policy language
> element and all of its backend support in the same patch. Please move it
> to the next patch. Thanks!
>
> Tyler
>
Will do.
Thanks a lot Tyler for a detailed review. Appreciate it.
~Tushar
Powered by blists - more mailing lists