From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@redhat.com>,
Rusty Russell <rusty@rustcorp.com.au>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v5 00/18] Appended signatures support for IMA appraisal
Date: Thu, 26 Oct 2017 20:53:04 +0000 [thread overview]
Message-ID: <1509051184.5886.139.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171018005331.2688-1-bauerman@linux.vnet.ibm.com>
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:
> Hello,
>
> The main highlight in this version is that it fixes a bug where the modsig
> wasn't being included in the measurement list if the appraised file was
> already measured by another rule. The fix is in the last patch.
>
> Another change is that the last patch in the v4 series ("ima: Support
> module-style appended signatures for appraisal") has been broken up into
> smaller patches. I may have overdone it...
>
> Finally, I have added some patches removing superfluous parentheses from
> expressions. IMO these patches make it easier (and more pleasant) to read
> the code, and thus easier to understand it. Since I'm not sure how welcome
> the changes are, I split them in 3 "levels" in increasing potential for
> conflict with patches from other people (they can be squashed together when
> applied):
>
> 1. patch 2 contains the bare minimum, changing only lines that are also
> touched by other patches in the series;
>
> 2. patch 3 cleans up all the files that are touched by this patch series;
>
> 3. patch 4 cleans up all other EVM and IMA files that weren't already fixed
> by the previous patches.
>
> If unwanted, patches 3 and 4 can be simply skipped without affecting the
> rest of the patches. I have already rebased them from v4.13-rc2 to
> v4.14-rc3 and now to linux-integrity/next with very few easy to resolve
> conflicts, so I think they are worth keeping.
>
> These patches apply on top of today's linux-integrity/next.
This cover letter and the patch descriptions are well written,
explaining what and why you're making this change. The problem is
that I don't agree that fewer parentheses makes the code more
readable. When you repost the patches (for other reasons), please
don't include these changes.
thanks,
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@redhat.com>,
Rusty Russell <rusty@rustcorp.com.au>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v5 00/18] Appended signatures support for IMA appraisal
Date: Thu, 26 Oct 2017 16:53:04 -0400 [thread overview]
Message-ID: <1509051184.5886.139.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171018005331.2688-1-bauerman@linux.vnet.ibm.com>
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:
> Hello,
>
> The main highlight in this version is that it fixes a bug where the modsig
> wasn't being included in the measurement list if the appraised file was
> already measured by another rule. The fix is in the last patch.
>
> Another change is that the last patch in the v4 series ("ima: Support
> module-style appended signatures for appraisal") has been broken up into
> smaller patches. I may have overdone it...
>
> Finally, I have added some patches removing superfluous parentheses from
> expressions. IMO these patches make it easier (and more pleasant) to read
> the code, and thus easier to understand it. Since I'm not sure how welcome
> the changes are, I split them in 3 "levels" in increasing potential for
> conflict with patches from other people (they can be squashed together when
> applied):
>
> 1. patch 2 contains the bare minimum, changing only lines that are also
> touched by other patches in the series;
>
> 2. patch 3 cleans up all the files that are touched by this patch series;
>
> 3. patch 4 cleans up all other EVM and IMA files that weren't already fixed
> by the previous patches.
>
> If unwanted, patches 3 and 4 can be simply skipped without affecting the
> rest of the patches. I have already rebased them from v4.13-rc2 to
> v4.14-rc3 and now to linux-integrity/next with very few easy to resolve
> conflicts, so I think they are worth keeping.
>
> These patches apply on top of today's linux-integrity/next.
This cover letter and the patch descriptions are well written,
explaining what and why you're making this change. The problem is
that I don't agree that fewer parentheses makes the code more
readable. When you repost the patches (for other reasons), please
don't include these changes.
thanks,
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jessica Yu <jeyu@redhat.com>,
Rusty Russell <rusty@rustcorp.com.au>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>
Subject: Re: [PATCH v5 00/18] Appended signatures support for IMA appraisal
Date: Thu, 26 Oct 2017 16:53:04 -0400 [thread overview]
Message-ID: <1509051184.5886.139.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171018005331.2688-1-bauerman@linux.vnet.ibm.com>
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:
> Hello,
>
> The main highlight in this version is that it fixes a bug where the modsig
> wasn't being included in the measurement list if the appraised file was
> already measured by another rule. The fix is in the last patch.
>
> Another change is that the last patch in the v4 series ("ima: Support
> module-style appended signatures for appraisal") has been broken up into
> smaller patches. I may have overdone it...
>
> Finally, I have added some patches removing superfluous parentheses from
> expressions. IMO these patches make it easier (and more pleasant) to read
> the code, and thus easier to understand it. Since I'm not sure how welcome
> the changes are, I split them in 3 "levels" in increasing potential for
> conflict with patches from other people (they can be squashed together when
> applied):
>
> 1. patch 2 contains the bare minimum, changing only lines that are also
> touched by other patches in the series;
>
> 2. patch 3 cleans up all the files that are touched by this patch series;
>
> 3. patch 4 cleans up all other EVM and IMA files that weren't already fixed
> by the previous patches.
>
> If unwanted, patches 3 and 4 can be simply skipped without affecting the
> rest of the patches. I have already rebased them from v4.13-rc2 to
> v4.14-rc3 and now to linux-integrity/next with very few easy to resolve
> conflicts, so I think they are worth keeping.
>
> These patches apply on top of today's linux-integrity/next.
This cover letter and the patch descriptions are well written,
explaining what and why you're making this change. The problem is
that I don't agree that fewer parentheses makes the code more
readable. When you repost the patches (for other reasons), please
don't include these changes.
thanks,
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v5 00/18] Appended signatures support for IMA appraisal
Date: Thu, 26 Oct 2017 16:53:04 -0400 [thread overview]
Message-ID: <1509051184.5886.139.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171018005331.2688-1-bauerman@linux.vnet.ibm.com>
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:
> Hello,
>
> The main highlight in this version is that it fixes a bug where the modsig
> wasn't being included in the measurement list if the appraised file was
> already measured by another rule. The fix is in the last patch.
>
> Another change is that the last patch in the v4 series ("ima: Support
> module-style appended signatures for appraisal") has been broken up into
> smaller patches. I may have overdone it...
>
> Finally, I have added some patches removing superfluous parentheses from
> expressions. IMO these patches make it easier (and more pleasant) to read
> the code, and thus easier to understand it. Since I'm not sure how welcome
> the changes are, I split them in 3 "levels" in increasing potential for
> conflict with patches from other people (they can be squashed together when
> applied):
>
> 1. patch 2 contains the bare minimum, changing only lines that are also
> touched by other patches in the series;
>
> 2. patch 3 cleans up all the files that are touched by this patch series;
>
> 3. patch 4 cleans up all other EVM and IMA files that weren't already fixed
> by the previous patches.
>
> If unwanted, patches 3 and 4 can be simply skipped without affecting the
> rest of the patches. I have already rebased them from v4.13-rc2 to
> v4.14-rc3 and now to linux-integrity/next with very few easy to resolve
> conflicts, so I think they are worth keeping.
>
> These patches apply on top of today's linux-integrity/next.
This cover letter and the patch descriptions are well written,
explaining what and why you're making this change. ?The problem is
that I don't agree that fewer parentheses makes the code more
readable. ?When you repost the patches (for other reasons), please
don't include these changes.
thanks,
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-10-26 20:53 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-18 0:53 [PATCH v5 00/18] Appended signatures support for IMA appraisal Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 01/18] ima: Remove redundant conditional operator Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 02/18] ima: Remove some superfluous parentheses Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 03/18] evm, ima: Remove " Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 04/18] evm, ima: Remove more " Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 05/18] ima: Simplify ima_eventsig_init Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 06/18] ima: Improvements in ima_appraise_measurement Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 07/18] integrity: Introduce struct evm_xattr Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 08/18] integrity: Select CONFIG_KEYS instead of depending on it Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 09/18] ima: Don't pass xattr value to EVM xattr verification Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 10/18] ima: Store measurement after appraisal Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 11/18] ima: Export func_tokens Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 12/18] MODSIGN: Export module signature definitions Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-26 20:12 ` Mimi Zohar
2017-10-26 20:12 ` Mimi Zohar
2017-10-26 20:12 ` Mimi Zohar
2017-10-26 20:12 ` Mimi Zohar
2017-10-26 22:47 ` Thiago Jung Bauermann
2017-10-26 22:47 ` Thiago Jung Bauermann
2017-10-26 22:47 ` Thiago Jung Bauermann
2017-10-26 23:13 ` Mimi Zohar
2017-10-26 23:13 ` Mimi Zohar
2017-10-26 23:13 ` Mimi Zohar
2017-10-18 0:53 ` [PATCH v5 13/18] PKCS#7: Introduce pkcs7_get_message_sig and verify_pkcs7_message_sig Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-26 20:12 ` Mimi Zohar
2017-10-26 20:12 ` Mimi Zohar
2017-10-26 20:12 ` Mimi Zohar
2017-10-18 0:53 ` [PATCH v5 14/18] integrity: Introduce integrity_keyring_from_id Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 15/18] ima: Add modsig appraise_type option for module-style appended signatures Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 16/18] ima: Add functions to read and verify a modsig signature Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` [PATCH v5 17/18] ima: Implement support for module-style appended signatures Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-31 13:31 ` Mimi Zohar
2017-10-31 13:31 ` Mimi Zohar
2017-10-31 13:31 ` Mimi Zohar
2017-10-31 13:31 ` Mimi Zohar
2017-10-18 0:53 ` [PATCH v5 18/18] ima: Write modsig to the measurement list Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-18 0:53 ` Thiago Jung Bauermann
2017-10-26 20:07 ` Mimi Zohar
2017-10-26 20:07 ` Mimi Zohar
2017-10-26 20:07 ` Mimi Zohar
2017-10-26 20:07 ` Mimi Zohar
2017-10-26 22:02 ` Thiago Jung Bauermann
2017-10-26 22:02 ` Thiago Jung Bauermann
2017-10-26 22:02 ` Thiago Jung Bauermann
2017-10-26 20:53 ` Mimi Zohar [this message]
2017-10-26 20:53 ` [PATCH v5 00/18] Appended signatures support for IMA appraisal Mimi Zohar
2017-10-26 20:53 ` Mimi Zohar
2017-10-26 20:53 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1509051184.5886.139.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=bauerman@linux.vnet.ibm.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=james.l.morris@oracle.com \
--cc=jeyu@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=rusty@rustcorp.com.au \
--cc=serge@hallyn.com \
--cc=takahiro.akashi@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.