diff for duplicates of <1502917153.21278.48.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 913f657..5b2b126 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -21,26 +21,21 @@ existing LSM hook, a decision needs to be made as to whether it needs to be a generic LSM hook or not. Assuming we made IMA an LSM module, what would we do with these other -calls? ?Would they need to be converted to LSM hooks? ?(Are all LSMs -visited, even if an earlier LSM fails? ?Or does the first LSM failure, +calls? Would they need to be converted to LSM hooks? (Are all LSMs +visited, even if an earlier LSM fails? Or does the first LSM failure, stop the LSM traversal?) Unlike LSMs which are sharing the i_sec, IMA doesn't have an entry in the inode, but does an rbtree lookup to access the associated data. -?Having an i_sec would simplify a lot of the code, but making this + Having an i_sec would simplify a lot of the code, but making this sort of change would be a major undertaking. -In this context, I'm not sure what you mean by "loaded".? IMA needs to +In this context, I'm not sure what you mean by "loaded". IMA needs to be enabled from the very beginning to capture all measurements and -verify the integrity of files, without any gaps. ?At some point this -would include other LSM policies. ?IMA certainly cannot be loaded late +verify the integrity of files, without any gaps. At some point this +would include other LSM policies. IMA certainly cannot be loaded late like kernel modules. Similarly, we would need to think about EVM. Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 8f24b1d..f0285cc 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,10 +1,17 @@ "ref\01502904620-20075-1-git-send-email-zohar@linux.vnet.ibm.com\0" "ref\01502904620-20075-3-git-send-email-zohar@linux.vnet.ibm.com\0" "ref\063522b3b-5e61-f760-5f74-f9fbe44741f5@schaufler-ca.com\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[RFC PATCH 2/4] ima: define new ima_sb_post_new_mount hook\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [RFC PATCH 2/4] ima: define new ima_sb_post_new_mount hook\0" "Date\0Wed, 16 Aug 2017 16:59:13 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Casey Schaufler <casey@schaufler-ca.com>" + Christoph Hellwig <hch@lst.de> + " Al Viro <viro@zeniv.linux.org.uk>\0" + "Cc\0Jan Kara <jack@suse.cz>" + Jeff Layton <jlayton@redhat.com> + linux-fsdevel@vger.kernel.org + linux-ima-devel@lists.sourceforge.net + " linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2017-08-16 at 12:24 -0700, Casey Schaufler wrote:\n" 
@@ -30,28 +37,23 @@ "to be a generic LSM hook or not.\n" "\n" "Assuming we made IMA an LSM module, what would we do with these other\n" - "calls? ?Would they need to be converted to LSM hooks? ?(Are all LSMs\n" - "visited, even if an earlier LSM fails? ?Or does the first LSM failure,\n" + "calls? \302\240Would they need to be converted to LSM hooks? \302\240(Are all LSMs\n" + "visited, even if an earlier LSM fails? \302\240Or does the first LSM failure,\n" "stop the LSM traversal?)\n" "\n" "Unlike LSMs which are sharing the i_sec, IMA doesn't have an entry in\n" "the inode, but does an rbtree lookup to access the associated data.\n" - "?Having an i_sec would simplify a lot of the code, but making this\n" + "\302\240Having an i_sec would simplify a lot of the code, but making this\n" "sort of change would be a major undertaking.\n" "\n" - "In this context, I'm not sure what you mean by \"loaded\".? IMA needs to\n" + "In this context, I'm not sure what you mean by \"loaded\".\302\240 IMA needs to\n" "be enabled from the very beginning to capture all measurements and\n" - "verify the integrity of files, without any gaps. ?At some point this\n" - "would include other LSM policies. ?IMA certainly cannot be loaded late\n" + "verify the integrity of files, without any gaps. \302\240At some point this\n" + "would include other LSM policies. \302\240IMA certainly cannot be loaded late\n" "like kernel modules.\n" "\n" "Similarly, we would need to think about EVM.\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -c6bea439b291db887d8ea86179b70675ad4d015bb0dc3f2ffedd9f32efbaa202 +2bebc835642892548d1847875cd6a481ed0727dc7995e60fa04c03e56ecc405e
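Review bot: the a/ copy is the lossy one and should not be the version quoted or replied to. In the 1.txt hunk each "?" it carries between sentences corresponds to a \302\240 (non-breaking space) in N1's content_digest. In the content_digest hunks its Subject lacks the "Re:" prefix, and its To lists only linux-security-module@vger.kernel.org where N1 keeps Casey Schaufler, Christoph Hellwig, Al Viro and the Cc list. Apart from those differences and the majordomo unsubscribe footer, the message text is the same on both sides, so the substance of the reply does not differ between the two copies.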