From mboxrd@z Thu Jan  1 00:00:00 1970
From: zohar@linux.vnet.ibm.com (Mimi Zohar)
Date: Mon, 05 Feb 2018 12:31:41 -0500
Subject: [PATCH] ima: define new policy condition based on the
	filesystem name
In-Reply-To: <20180115171914.GB28088@infradead.org>
References: <1516033236.6607.6.camel@linux.vnet.ibm.com>
	<20180115162726.GB15686@infradead.org>
	<1516034407.6607.26.camel@linux.vnet.ibm.com>
	<20180115171914.GB28088@infradead.org>
Message-ID: <1517851901.3736.120.camel@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

On Mon, 2018-01-15 at 09:19 -0800, Christoph Hellwig wrote:
> On Mon, Jan 15, 2018 at 11:40:07AM -0500, Mimi Zohar wrote:
> > rootfs IS different than other filesystems, as other filesystems
> > uniquely identify the underlying filesystem type. ?rootfs can be a
> > ramfs or tmpfs filesystem. ?Only tmpfs supports xattrs.
> 
> Tons of filesystems only have xattrs optionally.  Check for goddamn
> xattrs if that is the requirement and not a name that has absolutely
> zero meaning for functionality.  That is the whole point!

I should have said the main reason for defining a rootfs policy rule
is not to differentiate it from ramfs, but the ability to require file
signatures.

Up to now, CPIO did not support xattrs. ?With Taras' proposed CPIO
xattr patch set, the initramfs can now be properly labeled with file
signatures. ?Since only some systems will include file signatures in
the initramfs, we need to be able to differentiate between those that
require file signatures from those that don't.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:39610 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1753290AbeBERbt (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Mon, 5 Feb 2018 12:31:49 -0500
Received: from pps.filterd (m0098399.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w15HTAaT134088
        for <linux-fsdevel@vger.kernel.org>; Mon, 5 Feb 2018 12:31:49 -0500
Received: from e06smtp12.uk.ibm.com (e06smtp12.uk.ibm.com [195.75.94.108])
        by mx0a-001b2d01.pphosted.com with ESMTP id 2fxubn132c-1
        (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
        for <linux-fsdevel@vger.kernel.org>; Mon, 05 Feb 2018 12:31:48 -0500
Received: from localhost
        by e06smtp12.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-fsdevel@vger.kernel.org> from <zohar@linux.vnet.ibm.com>;
        Mon, 5 Feb 2018 17:31:46 -0000
Subject: Re: [PATCH] ima: define new policy condition based on the
 filesystem name
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        TarasKondratiuk <takondra@cisco.com>,
        Victor Kamensky <kamensky@cisco.com>,
        RobLandley <rob@landley.net>
Date: Mon, 05 Feb 2018 12:31:41 -0500
In-Reply-To: <20180115171914.GB28088@infradead.org>
References: <1516033236.6607.6.camel@linux.vnet.ibm.com>
         <20180115162726.GB15686@infradead.org>
         <1516034407.6607.26.camel@linux.vnet.ibm.com>
         <20180115171914.GB28088@infradead.org>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <1517851901.3736.120.camel@linux.vnet.ibm.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Mon, 2018-01-15 at 09:19 -0800, Christoph Hellwig wrote:
> On Mon, Jan 15, 2018 at 11:40:07AM -0500, Mimi Zohar wrote:
> > rootfs IS different than other filesystems, as other filesystems
> > uniquely identify the underlying filesystem type.  rootfs can be a
> > ramfs or tmpfs filesystem.  Only tmpfs supports xattrs.
> 
> Tons of filesystems only have xattrs optionally.  Check for goddamn
> xattrs if that is the requirement and not a name that has absolutely
> zero meaning for functionality.  That is the whole point!

I should have said the main reason for defining a rootfs policy rule
is not to differentiate it from ramfs, but the ability to require file
signatures.

Up to now, CPIO did not support xattrs.  With Taras' proposed CPIO
xattr patch set, the initramfs can now be properly labeled with file
signatures.  Since only some systems will include file signatures in
the initramfs, we need to be able to differentiate between those that
require file signatures from those that don't.

Mimi