diff for duplicates of <1505664935.4200.191.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 19efb1a..f995f63 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -19,7 +19,7 @@ On Sun, 2017-09-17 at 08:28 -0700, Linus Torvalds wrote: > So now the measurements are not trustworthy any more. Unless I'm missing something, that would only be possible with an IMA -policy rule that permits direct IO (eg. permit_directio). ?Otherwise +policy rule that permits direct IO (eg. permit_directio). Otherwise the direct IO is denied. > > Well, that's exactly the point of the new ->integrity_read routine @@ -37,15 +37,10 @@ the direct IO is denied. > that is so inconvenient for the filesystems it wants to check? Originally IMA had its own lock (iint->mutex), prior to IMA-appraisal -being upstreamed. ?With a separate lock, the iint->mutex and i_rwsem +being upstreamed. With a separate lock, the iint->mutex and i_rwsem would be taken in reverse order in process_measurements() and in the setxattr, chown, chmod syscalls. I'm at the airport on my way back home. Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 6368b8c..c4279c1 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -4,10 +4,33 @@ "ref\0CA+55aFxmeff53zeioTiQY6m=F18ekgX1-HWZyQUor=NJYrxM9A@mail.gmail.com\0" "ref\020170917151757.GA14262@infradead.org\0" "ref\0CA+55aFyrZ=YsfNc1vp=vArNgotLXGPr4F6uZiz22Uj2XHGUvaw@mail.gmail.com\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[PATCH 3/3] ima: use fs method to read integrity data (updated patch description)\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [PATCH 3/3] ima: use fs method to read integrity data (updated patch description)\0" "Date\0Sun, 17 Sep 2017 12:15:35 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Linus Torvalds <torvalds@linux-foundation.org>" + " Christoph Hellwig <hch@infradead.org>\0" + "Cc\0LSM List <linux-security-module@vger.kernel.org>" + Christoph Hellwig <hch@lst.de> + linux-ima-devel@lists.sourceforge.net + James Morris <jmorris@namei.org> + Linux Kernel Mailing List <linux-kernel@vger.kernel.org> + Matthew Garrett <mjg59@srcf.ucam.org> + Jan Kara <jack@suse.com> + Theodore Ts'o <tytso@mit.edu> + Andreas Dilger <adilger.kernel@dilger.ca> + Jaegeuk Kim <jaegeuk@kernel.org> + Chao Yu <yuchao0@huawei.com> + Steven Whitehouse <swhiteho@redhat.com> + Bob Peterson <rpeterso@redhat.com> + David Woodhouse <dwmw2@infradead.org> + Dave Kleikamp <shaggy@kernel.org> + Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> + Mark Fasheh <mfasheh@versity.com> + Joel Becker <jlbec@evilplan.org> + Richard Weinberger <richard@nod.at> + Darrick J. Wong <darrick.wong@oracle.com> + Hugh Dickins <hughd@google.com> + " Chris Mason <clm@fb.com>\0" "\00:1\0" "b\0" "On Sun, 2017-09-17 at 08:28 -0700, Linus Torvalds wrote:\n" @@ -31,7 +54,7 @@ "> So now the measurements are not trustworthy any more.\n" "\n" "Unless I'm missing something, that would only be possible with an IMA\n" - "policy rule that permits direct IO (eg. permit_directio). ?Otherwise\n" + "policy rule that permits direct IO (eg. permit_directio). \302\240Otherwise\n" "the direct IO is denied.\n" "\n" "> > Well, that's exactly the point of the new ->integrity_read routine\n" @@ -49,17 +72,12 @@ "> that is so inconvenient for the filesystems it wants to check?\n" "\n" "Originally IMA had its own lock (iint->mutex), prior to IMA-appraisal\n" - "being upstreamed. ?With a separate lock, the iint->mutex and i_rwsem\n" + "being upstreamed. \302\240With a separate lock, the iint->mutex and i_rwsem\n" "would be taken in reverse order in process_measurements() and in the\n" "setxattr, chown, chmod syscalls.\n" "\n" "I'm at the airport on my way back home.\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -494b63de6deb3bf4b5a5a519fe57dad11015bd4812928f99de442ff41d5f27b3 +4d8a62de9ab89fb05ffb7c1682dac856e377d7013da7a9f81b115130f47edc41
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.