Re: [GIT] Security subsystem updates for 3.9

From: Linus Torvalds
Date: Thu Feb 21 2013 - 13:21:53 EST

On Thu, Feb 21, 2013 at 10:06 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> Almost, and enforcing file integrity is enabled. The merged result
> should look like what's contained in
> linux-integrity/next-upstreamed-patches:
> int ima_module_check(struct file *file)
> {
> if (!file) {
> if ((ima_appraise & IMA_APPRAISE_MODULES) &&
> (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> #endif
> }
> return 0;

Ugh. The placement of that #ifndef is just horrible, please don't do
that. Just add it around the whole if-statement rather than around
just the return. Not because the compiler can't optimize away the
tests, but because it's much more obvious to a *human* what the ifndef
actually does.

Anyway, I don't have the IMA_APPRAISE_ENFORCE bit checking, it wasn't
obvious from the conflict, so somebody will need to add that.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at