diff for duplicates of <20170511081659.GA20214@lst.de> diff --git a/a/1.txt b/N1/1.txt index 5bdd00e..3a6a237 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,16 +1,16 @@ On Wed, May 10, 2017 at 05:00:47PM -0400, Mimi Zohar wrote: -> Without i_version support the file is measured/appraised once. ?With +> Without i_version support the file is measured/appraised once. �With > i_version support it will be re-measured/appraised. As a file system > is mounted/remounted, some sort of message should be emitted > indicating whether i_version is supported. You can check for (sb->s_flags & MS_I_VERSION) to see if it's supported. -> ?That does not imply that +> �That does not imply that > there is no value in measuring/appraising the file only once. > > With this patch, the "opt-in" behavior, is only for measurement, not -> appraisal. ?For appraisal, it still enforces file hash/signature +> appraisal. �For appraisal, it still enforces file hash/signature > verification, as it should, based on policy. > > Christoph, could we call ->read_iter() in the NULL case as Boaz @@ -21,7 +21,3 @@ No - that way you get deadlocks for every fs that uses i_rwsem in We can set ->integrity_read for every file system that's been tested with IMA, though. Do you have a list of known-good file systems? --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index d113ada..2bef1ce 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -3,25 +3,31 @@ "ref\0a552827e-922d-0b28-2919-90c780a8a414@plexistor.com\0" "ref\020170510132359.GA22549@lst.de\0" "ref\01494450047.3006.28.camel@linux.vnet.ibm.com\0" - "From\0hch@lst.de (Christoph Hellwig)\0" - "Subject\0[PATCH] security/ima: use fs method to read integrity data\0" + "From\0Christoph Hellwig <hch@lst.de>\0" + "Subject\0Re: [PATCH] security/ima: use fs method to read integrity data\0" "Date\0Thu, 11 May 2017 10:16:59 +0200\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Cc\0Christoph Hellwig <hch@lst.de>" + Boaz Harrosh <boaz@plexistor.com> + Al Viro <viro@zeniv.linux.org.uk> + linux-fsdevel@vger.kernel.org + linux-ima-devel@lists.sourceforge.net + " linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, May 10, 2017 at 05:00:47PM -0400, Mimi Zohar wrote:\n" - "> Without i_version support the file is measured/appraised once. ?With\n" + "> Without i_version support the file is measured/appraised once. \303\257\302\277\302\275With\n" "> i_version support it will be re-measured/appraised. As a file system\n" "> is mounted/remounted, some sort of message should be emitted\n" "> indicating whether i_version is supported.\n" "\n" "You can check for (sb->s_flags & MS_I_VERSION) to see if it's supported.\n" "\n" - "> ?That does not imply that\n" + "> \303\257\302\277\302\275That does not imply that\n" "> there is no value in measuring/appraising the file only once.\n" "> \n" "> With this patch, the \"opt-in\" behavior, is only for measurement, not\n" - "> appraisal. ?For appraisal, it still enforces file hash/signature\n" + "> appraisal. \303\257\302\277\302\275For appraisal, it still enforces file hash/signature\n" "> verification, as it should, based on policy.\n" "> \n" "> Christoph, could we call ->read_iter() in the NULL case as Boaz\n" @@ -31,10 +37,6 @@ "->read_iter, which is perfectly valid behavior.\n" "\n" "We can set ->integrity_read for every file system that's been tested\n" - "with IMA, though. Do you have a list of known-good file systems?\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + with IMA, though. Do you have a list of known-good file systems? -17839145d4a91512da993fe417a33c7822c68e40d280b5263293bb3460ffc85b +3211d20514d7ad02163cc96be9254aafe9004e7ce9a0c028a79d7bf29cd9abb1
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.