[PATCH v3 17/22] ima: remove firmware and module specific cached status info
Mimi Zohar
zohar at linux.vnet.ibm.com
Wed Feb 10 15:14:11 PST 2016
On Wed, 2016-02-10 at 22:18 +0200, Dmitry Kasatkin wrote:
> > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> > index cb0d0ff..6b4694a 100644
> > --- a/security/integrity/ima/ima_appraise.c
> > +++ b/security/integrity/ima/ima_appraise.c
> > @@ -74,13 +74,12 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
> > return iint->ima_mmap_status;
> > case BPRM_CHECK:
> > return iint->ima_bprm_status;
> > - case MODULE_CHECK:
> > - return iint->ima_module_status;
> > - case FIRMWARE_CHECK:
> > - return iint->ima_firmware_status;
> > case FILE_CHECK:
> > - default:
> > + case POST_SETATTR:
> > return iint->ima_file_status;
> > + case MODULE_CHECK ... MAX_CHECK - 1:
>
> Will LLVM clang handles this range?
>
> Otherwise it can be just like:
>
> case MODULE_CHECK ... MAX_CHECK :
Yes, my test program compiled fine with clang. Similar usage exists in
the kernel (eg. fs/afs/callback.c).
Mimi
More information about the kexec
mailing list