From: Mimi Zohar
Subject: Re: [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Date: Mon, 01 Jul 2019 09:22:16 -0400
Message-ID: <1561987336.4067.8.camel@linux.ibm.com>
References: <20190523121803.21638-1-roberto.sassu@huawei.com>
In-Reply-To: <20190523121803.21638-1-roberto.sassu@huawei.com>
To: Roberto Sassu, viro@zeniv.linux.org.uk
Cc: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, initramfs@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, bug-cpio@gnu.org, zohar@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com, dmitry.kasatkin@huawei.com, takondra@cisco.com, kamensky@cisco.com, hpa@zytor.com, arnd@arndb.de, rob@landley.net, james.w.mcmechan@gmail.com, niveditas98@gmail.com

On Thu, 2019-05-23 at 14:18 +0200, Roberto Sassu wrote:
> This patch set aims at solving the following use case: appraise files from
> the initial ram disk. To do that, IMA checks the signature/hash from the
> security.ima xattr. Unfortunately, this use case cannot be implemented
> currently, as the CPIO format does not support xattrs.
>
> This proposal consists in including file metadata as additional files named
> METADATA!!!, for each file added to the ram disk. The CPIO parser in the
> kernel recognizes these special files from the file name, and calls the
> appropriate parser to add metadata to the previously extracted file. It has
> been proposed to use bits 17:16 of the file mode as a way to recognize files
> with metadata, but both the kernel and the cpio tool declare the file mode
> as unsigned short.

Thanks, Roberto!

Victor, Taras, Rob, Arvind, Peter, if you're good with this latest design,
could we get some Reviewed-by, Acked-by, or Tested-by?

thanks!

Mimi
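The archive layout the cover letter describes, as an added example that is not code from the patch set or the kernel: a newc-format cpio is built with a regular file followed by a METADATA!!! entry, and a parser walks it, recognizing metadata entries by name (not by mode bits) and attaching them to the file extracted just before. The payload layout inside the METADATA!!! entry (u16 key length, u16 value length, key, value, repeated) is an assumption of this example, not the format the patch set defines.

```python
import struct
NEWC_MAGIC = b"070701"
METADATA_NAME = "METADATA!!!"  # marker name proposed in the cover letter

def newc_entry(name, data, mode=0o100644):
    """Build one newc cpio entry; header+name and data are each padded to 4 bytes."""
    nameb = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(nameb), 0]
    hdr = NEWC_MAGIC + b"".join(b"%08x" % f for f in fields) + nameb
    return hdr + b"\0" * (-len(hdr) % 4) + data + b"\0" * (-len(data) % 4)

def build_archive(files):
    """files: [(name, data, xattrs)]. A file with xattrs is followed by a METADATA!!!
    entry; its payload layout (u16 klen, u16 vlen, key, value)* is assumed here."""
    out = b""
    for name, data, xattrs in files:
        out += newc_entry(name, data)
        if xattrs:
            payload = b"".join(struct.pack(">HH", len(k), len(v)) + k.encode() + v
                               for k, v in xattrs.items())
            out += newc_entry(METADATA_NAME, payload)
    return out + newc_entry("TRAILER!!!", b"")

def parse_archive(buf):
    """Walk the archive, attaching each METADATA!!! entry to the file extracted just before it."""
    files, last, off = {}, None, 0
    while True:
        if buf[off:off + 6] != NEWC_MAGIC:
            raise ValueError("bad newc magic at offset %d" % off)
        f = [int(buf[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        name = buf[off + 110:off + 110 + namesize - 1].decode()
        data_off = off + 110 + namesize + (-(110 + namesize) % 4)
        data = buf[data_off:data_off + size]
        off = data_off + size + (-size % 4)
        if name == "TRAILER!!!":
            return files
        if name == METADATA_NAME:
            if last is None:
                raise ValueError("METADATA!!! entry with no preceding file")
            p = 0
            while p < len(data):
                kl, vl = struct.unpack_from(">HH", data, p)
                key = data[p + 4:p + 4 + kl].decode()
                files[last]["xattrs"][key] = data[p + 4 + kl:p + 4 + kl + vl]
                p += 4 + kl + vl
        else:
            # Kernel keeps mode in an unsigned short, so bits 17:16 cannot flag metadata; the name does.
            files[name] = {"mode": mode & 0xFFFF, "data": data, "xattrs": {}}
            last = name
```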