Re: [PATCH 01/23] ima: Use buffer large enough to store fake IMA xattr for appraisal

On 2020/7/28 15:40, Roberto Sassu wrote:

hulk inclusion category: feature feature: digest-lists

---

A fake IMA xattr is created to perform EVM verification even if security.ima is not present. Appraisal could succeed if EVM status is unknown and the file digest is found in a digest list.

This patch allocates a larger buffer to store fake IMA xattrs (struct evm_ima_xattr_data can be used only for SHA1 digests).

Signed-off-by: Roberto Sassu roberto.sassu@huawei.com

Hi Roberto, would you mind adding a cover letter to describe why we need this patch set? and what's the relationship with your previous IMA patch set?

Thanks Hanjun