From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Eric Paris <eparis@parisplace.org>,
"Kasatkin, Dmitry" <dmitry.kasatkin@intel.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
James Morris <jmorris@namei.org>
Subject: Re: [PATCH 0/2] ima: policy search speedup
Date: Tue, 11 Dec 2012 14:48:40 -0500 [thread overview]
Message-ID: <1355255320.2356.148.camel@falcor> (raw)
In-Reply-To: <CA+55aFwG31fi9=r0Zta2hoo60vdgM61hbh4BC9Rgs8i7S82Haw@mail.gmail.com>
On Tue, 2012-12-11 at 11:10 -0800, Linus Torvalds wrote:
> Anyway, the whole "you can do it at file granularity" isn't the bulk
> of my argument (the "we already have the field that makes sense" is).
> But my point is that per-inode is not only the logically more
> straightforward place to do it, it's also the much more flexible place
> to do it. Because it *allows* for things like that.
Ok. To summarize, S_IMA indicates that there is a rule and that the iint
was allocated. To differentiate between 'haven't looked/don't know' and
'definitely not', we need another bit. For this, you're suggesting
using IS_PRIVATE()? Hopefully, I misunderstood.
thanks,
Mimi
next prev parent reply other threads:[~2012-12-11 19:48 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-22 21:54 [PATCH 0/2] ima: policy search speedup Dmitry Kasatkin
2012-11-22 21:54 ` [PATCH 1/2] vfs: new super block feature flags attribute Dmitry Kasatkin
2012-11-22 21:54 ` [PATCH 2/2] ima: skip policy search for never appraised or measured files Dmitry Kasatkin
2012-11-27 13:42 ` [PATCH 0/2] ima: policy search speedup Kasatkin, Dmitry
2012-12-11 12:51 ` Kasatkin, Dmitry
2012-12-11 14:08 ` Mimi Zohar
2012-12-11 16:59 ` Linus Torvalds
2012-12-11 17:40 ` Kasatkin, Dmitry
2012-12-11 17:55 ` Linus Torvalds
2012-12-11 18:09 ` Eric Paris
2012-12-11 18:35 ` Kasatkin, Dmitry
2012-12-11 19:07 ` Mimi Zohar
2012-12-11 22:16 ` Dave Chinner
2012-12-11 18:10 ` Kasatkin, Dmitry
2012-12-11 18:29 ` Al Viro
2012-12-11 18:12 ` Kasatkin, Dmitry
2012-12-11 18:35 ` Linus Torvalds
2012-12-11 18:53 ` Kasatkin, Dmitry
2012-12-11 18:18 ` Mimi Zohar
2012-12-11 18:35 ` Eric Paris
2012-12-11 18:59 ` Mimi Zohar
2012-12-11 19:10 ` Linus Torvalds
2012-12-11 19:48 ` Mimi Zohar [this message]
2012-12-11 20:05 ` Linus Torvalds
2012-12-11 20:15 ` Eric Paris
2012-12-11 20:31 ` Linus Torvalds
2012-12-11 20:08 ` Eric Paris
2012-12-11 22:57 ` Kasatkin, Dmitry
2012-12-11 23:02 ` Eric Paris
2012-12-12 13:56 ` Kasatkin, Dmitry
2012-12-12 14:25 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1355255320.2356.148.camel@falcor \
--to=zohar@linux.vnet.ibm.com \
--cc=dmitry.kasatkin@intel.com \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.