From: Mimi Zohar <zohar@linux.ibm.com>
To: Florent Revest <revest@chromium.org>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity@vger.kernel.org,
Matthew Garrett <mjg59@google.com>
Cc: jmorris@namei.org, serge@hallyn.com, revest@google.com,
allison@lohutok.net, armijn@tjaldur.nl, bauerman@linux.ibm.com,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, kpsingh@chromium.org
Subject: Re: [PATCH] integrity: Expose data structures required for include/linux/integrity.h
Date: Wed, 18 Dec 2019 13:43:36 -0500 [thread overview]
Message-ID: <1576694616.4579.412.camel@linux.ibm.com> (raw)
In-Reply-To: <63f057fb98351324c8fc6210c42f3cbd76e85a68.camel@chromium.org>
On Wed, 2019-12-18 at 17:56 +0100, Florent Revest wrote:
> On Wed, 2019-12-18 at 09:28 -0500, Mimi Zohar wrote:
> > [Cc'ing Matthew]
> >
> > > There's a major difference between returning just the file hash and
> > > making the integrity_iint_cache structure public.
>
> Certainly!
> I am new to this subsystem so I just wanted to get the discussion
> started. I am happy to make a more specific function.
>
> > > Peter Moody's original code queried the cache[1]. Why do you need
> > > access to the structure itself?
> > > FYI, if/when we get to IMA namespacing, the cache structure will
> > > change.
> > >
> > > [1] ima: add the ability to query ima for the hash of a given file.
> >
> > If you're using Peter's patch, or something similar, I'd appreciate
> > your taking the time to upstream it.
>
> Thank you for pointing me to Peter's patch! No one in my team was aware
> of his work on this. Ugh!
> It appears that Peter left the company while trying to upstream his
> patch and the situation just got stuck there for 4+ years now.
>
> If you are still positive about the idea of a ima_file_hash function, I
> will take his v6 patch (this is the latest I could find on the
> sourceforce archives of linux-ima-devel), rebase it, take your comments
> into account and send a new version by the end of the week.
Matthew also wasn't aware of Peter's patch, until I sent it to him. I
assume they're using it or something similar. Please coordinate with
him, before refreshing and posting the patch.
thanks,
Mimi
prev parent reply other threads:[~2019-12-18 18:43 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-17 13:47 [PATCH] integrity: Expose data structures required for include/linux/integrity.h Florent Revest
2019-12-17 16:25 ` Casey Schaufler
2019-12-17 23:08 ` Mimi Zohar
2019-12-18 11:03 ` Florent Revest
2019-12-18 13:34 ` Mimi Zohar
2019-12-18 14:28 ` Mimi Zohar
2019-12-18 16:56 ` Florent Revest
2019-12-18 18:43 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1576694616.4579.412.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=allison@lohutok.net \
--cc=armijn@tjaldur.nl \
--cc=bauerman@linux.ibm.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=kpsingh@chromium.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@google.com \
--cc=revest@chromium.org \
--cc=revest@google.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.