diff for duplicates of <1505746542.4200.242.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 91fc93f..d66651b 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -54,22 +54,17 @@ algorithm. > Linus wants). For performance reasons, IMA is not on a write hook, but detects file -change on the last __fput() opened for write. ?At that point, the -cached info is reset. ?The file hash is re-calculated and written out -as an xattr. ?On the next file access (in policy), the file hash is +change on the last __fput() opened for write. At that point, the +cached info is reset. The file hash is re-calculated and written out +as an xattr. On the next file access (in policy), the file hash is re-calculated and stored in the iint. In terms of remote/clustered/fuse filesystems, we wouldn't be on the -__fput() path. ?Support for remote/clustered/fuse filesystems, would -be similar to filesystems that do not support i_version. ?Meaning only +__fput() path. Support for remote/clustered/fuse filesystems, would +be similar to filesystems that do not support i_version. Meaning only the first file access (in policy) would be measured/appraised, but not -subsequent ones. ?Even if we could detect file change, we would be +subsequent ones. Even if we could detect file change, we would be dependent on the remote/clustered/fuse filesystem to inform us of the -change. ?What type of integrity guarantees would that provide? +change. What type of integrity guarantees would that provide? Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 564c60e..bcfe6bd 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -9,10 +9,35 @@ "ref\020170917163828.GE5426@ZenIV.linux.org.uk\0" "ref\0517c83a6-d7c5-9638-ebaa-52800ca0962c@redhat.com\0" "ref\020170918101350.GI32516@quack2.suse.cz\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[PATCH 3/3] ima: use fs method to read integrity data (updated patch description)\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [PATCH 3/3] ima: use fs method to read integrity data (updated patch description)\0" "Date\0Mon, 18 Sep 2017 10:55:42 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Jan Kara <jack@suse.cz>" + " Steven Whitehouse <swhiteho@redhat.com>\0" + "Cc\0Al Viro <viro@zeniv.linux.org.uk>" + Linus Torvalds <torvalds@linux-foundation.org> + Christoph Hellwig <hch@infradead.org> + LSM List <linux-security-module@vger.kernel.org> + Christoph Hellwig <hch@lst.de> + linux-ima-devel@lists.sourceforge.net + James Morris <jmorris@namei.org> + Linux Kernel Mailing List <linux-kernel@vger.kernel.org> + Matthew Garrett <mjg59@srcf.ucam.org> + Jan Kara <jack@suse.com> + Theodore Ts'o <tytso@mit.edu> + Andreas Dilger <adilger.kernel@dilger.ca> + Jaegeuk Kim <jaegeuk@kernel.org> + Chao Yu <yuchao0@huawei.com> + Bob Peterson <rpeterso@redhat.com> + David Woodhouse <dwmw2@infradead.org> + Dave Kleikamp <shaggy@kernel.org> + Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> + Mark Fasheh <mfasheh@versity.com> + Joel Becker <jlbec@evilplan.org> + Richard Weinberger <richard@nod.at> + Darrick J. Wong <darrick.wong@oracle.com> + Hugh Dickins <hughd@google.com> + " Chris Mason <clm@fb.com>\0" "\00:1\0" "b\0" "On Mon, 2017-09-18 at 12:13 +0200, Jan Kara wrote:\n" 
@@ -71,24 +96,19 @@ "> Linus wants).\n" "\n" "For performance reasons, IMA is not on a write hook, but detects file\n" - "change on the last __fput() opened for write. ?At that point, the\n" - "cached info is reset. ?The file hash is re-calculated and written out\n" - "as an xattr. ?On the next file access (in policy), the file hash is\n" + "change on the last __fput() opened for write. \302\240At that point, the\n" + "cached info is reset. \302\240The file hash is re-calculated and written out\n" + "as an xattr. \302\240On the next file access (in policy), the file hash is\n" "re-calculated and stored in the iint.\n" "\n" "In terms of remote/clustered/fuse filesystems, we wouldn't be on the\n" - "__fput() path. ?Support for remote/clustered/fuse filesystems, would\n" - "be similar to filesystems that do not support i_version. ?Meaning only\n" + "__fput() path. \302\240Support for remote/clustered/fuse filesystems, would\n" + "be similar to filesystems that do not support i_version. \302\240Meaning only\n" "the first file access (in policy) would be measured/appraised, but not\n" - "subsequent ones. ?Even if we could detect file change, we would be\n" + "subsequent ones. \302\240Even if we could detect file change, we would be\n" "dependent on the remote/clustered/fuse filesystem to inform us of the\n" - "change. ?What type of integrity guarantees would that provide?\n" + "change. \302\240What type of integrity guarantees would that provide?\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -00f31c0875613e2a546c51032f9d3237b3a95bca1aaca10fb0b843226acfd52e +a9dbab8720a9714002fac460fb29d2eb32601ea038f51072a6ba649482cd1753
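Review bot: the "?" after each sentence in the removed lines of 1.txt is a mangled non-breaking space, not a change in wording; the content_digest hunk shows the same positions as \302\240 (the UTF-8 bytes for U+00A0) on the added side. The removed copy also drops the "Re:" prefix and the To/Cc recipients, writes From in the "address (name)" form, and appends the list footer with "majordomo at vger.kernel.org". The body text of the two messages is otherwise identical, so quote or thread against the added copy, which keeps the full headers and the UTF-8 encoding.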