Re: [PATCH 2/6] integrity: Linux Integrity Module(LIM)

From: Serge E. Hallyn
Date: Thu Dec 04 2008 - 14:22:31 EST

Quoting Christoph Hellwig (hch@xxxxxxxxxxxxx):
> On Wed, Dec 03, 2008 at 05:17:35PM -0500, Mimi Zohar wrote:
> > > I have a bit of a problem parsing the above, and it certainly doesn't
> > > look like a justification for keeping all that unused code around.
> >
> > The purpose of LIM is to provide an integrity infrastructure to support
> > different types of integrity data. IMA implements both the LIM
> > API for it's own internal use, and exports it for others to call.
> >
> > As Dave Safford pointed out in,
> > there are other projects that want to add differently structured
> > measurements to the TPM measurement list. The template abstraction is
> > critical to allowing these differently formatted messages to be added to
> > the list.
> I think we're talking past each other.
> In integrity.h there are two operation vectors defines:
> - struct integrity_operations delcares the operations called from the
> VFS. This one is actually used. While I don't agree to Dave's
> argument, because we don't put bloat in just because people might
> eventually some day use it when they are in the right mood and the
> sun shines, thisn't isn't the one I'm talking about in this thread.
> - struct template_operations on the others is not only really badly
> named for appearing in a global header but also not used in a
> meaningfull way. There is one single instace of it,
> ima_template_ops, and while there are five helpers added in the
> second patch that use it (integrity_collect_measurement,
> integrity_appraise_measurement, integrity_store_measurement,
> integrity_store_template, integrity_must_measure) none of them
> is used at all during the patch series. There are two direct
> uses of these template added in the third path, to implement the
> show operations for the "binary_runtime_measurements" and
> "ascii_runtime_measurements" files ins securityfs, but given that
> those are inside ima there no reason for the indirection at all.

Yeah I can definately see that.

Mimi, you used to have another template (I thought) which just tracked
security_ops to try and prevent subversion of the LSM hooks. Or something like
that. That was a separate template_ops, right? Can you post that again? That
might answer both Christoph's query about the usefulness of the indirection,
and Dave's question about "how could I use this, anyway".

If you do repost it, please be very clear about what it is expected
to do/protect against, and how, using no acronyms which you don't
define on first use :)

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at