From mboxrd@z Thu Jan 1 00:00:00 1970
From: hch@lst.de (Christoph Hellwig)
Date: Thu, 11 May 2017 10:16:59 +0200
Subject: [PATCH] security/ima: use fs method to read integrity data
In-Reply-To: <1494450047.3006.28.camel@linux.vnet.ibm.com>
References: <20170510064507.1764-1-hch@lst.de> <20170510064507.1764-2-hch@lst.de> <20170510132359.GA22549@lst.de> <1494450047.3006.28.camel@linux.vnet.ibm.com>
Message-ID: <20170511081659.GA20214@lst.de>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

On Wed, May 10, 2017 at 05:00:47PM -0400, Mimi Zohar wrote:
> Without i_version support the file is measured/appraised once.  With
> i_version support it will be re-measured/appraised. As a file system
> is mounted/remounted, some sort of message should be emitted
> indicating whether i_version is supported.

You can check for (sb->s_flags & MS_I_VERSION) to see if it's supported.

>  That does not imply that
> there is no value in measuring/appraising the file only once.
>
> With this patch, the "opt-in" behavior, is only for measurement, not
> appraisal.  For appraisal, it still enforces file hash/signature
> verification, as it should, based on policy.
>
> Christoph, could we call ->read_iter() in the NULL case as Boaz
> suggested?

No - that way you get deadlocks for every fs that uses i_rwsem in
->read_iter, which is perfectly valid behavior.

We can set ->integrity_read for every file system that's been tested
with IMA, though.  Do you have a list of known-good file systems?
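
The locking hazard described in the reply above, as an added userspace model in C that is not part of the original message or of the kernel patch. It assumes, as the deadlock remark implies, that the integrity code calls into the file system with i_rwsem already held; every struct, function and error code in it is a hypothetical stand-in.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Userspace model, not kernel code; every name here is hypothetical. */
struct inode_model { bool rwsem_held; const char *data; };
typedef long (*read_fn)(struct inode_model *, char *, size_t);
struct fops_model { read_fn read_iter; read_fn integrity_read; /* NULL: not opted in */ };
enum { ERR_DEADLOCK = -1, ERR_NOT_OPTED_IN = -2 };  /* model-only codes */

/* Non-recursive lock: false marks the point where a real task would hang. */
static bool lock_inode(struct inode_model *i) {
    if (i->rwsem_held) return false;
    i->rwsem_held = true;
    return true;
}
static void unlock_inode(struct inode_model *i) { i->rwsem_held = false; }

/* integrity_read-style helper: the caller already holds the lock. */
static long read_locked(struct inode_model *i, char *buf, size_t len) {
    size_t n = strlen(i->data) < len ? strlen(i->data) : len;
    memcpy(buf, i->data, n);
    return (long)n;
}

/* read_iter of a file system that takes i_rwsem itself (valid behavior). */
static long locking_read_iter(struct inode_model *i, char *buf, size_t len) {
    if (!lock_inode(i)) return ERR_DEADLOCK;
    long n = read_locked(i, buf, len);
    unlock_inode(i);
    return n;
}

/* Integrity-side read, assumed to hold i_rwsem across the file system call. */
static long ima_read(struct inode_model *i, const struct fops_model *f,
                     char *buf, size_t len, bool fall_back_to_read_iter) {
    long n = ERR_NOT_OPTED_IN;
    if (!lock_inode(i)) return ERR_DEADLOCK;
    if (f->integrity_read) n = f->integrity_read(i, buf, len);
    else if (fall_back_to_read_iter) n = f->read_iter(i, buf, len);
    unlock_inode(i);
    return n;
}

int main(void) {
    struct inode_model ino = { false, "constructed sample data" };
    struct fops_model untested = { locking_read_iter, NULL }, tested = { locking_read_iter, read_locked };
    char buf[64];
    printf("fallback=%ld opt-in=%ld\n", ima_read(&ino, &untested, buf, sizeof buf, true), ima_read(&ino, &tested, buf, sizeof buf, false));
    return 0;
}
```

With the fallback enabled, the untested file system re-enters the lock it is called under; with opt-in only, it is skipped and the tested one reads normally.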