On Fri, May 1, 2026 at 4:42 AM Mimi Zohar <[email protected]> wrote: > > On Thu, 2026-04-30 at 21:32 -0500, Sahil Gupta wrote: > > > Have you considered using IS_RDONLY(real_inode)? > > > > OOC are ima caches invalidated on fs reconfigure? If that is the case, > > then IS_RDONLY ought to do the trick. > > Per-inode IMA integrity status (iint) is now stored directly in the inode's > LSM > security blob rather than in a red-black tree cache. By "fs reconfiguration", > do you mean remounting the filesystem? If so, the iint stored in the LSM > security blob should be freed when the filesystem is unmounted. >
We considered using IS_RDONLY(), but the concern involved the remount path rather than an explicit unmount and subsequent mount. From my understanding, userspace can toggle the read only flag using "mount -o remount,rw" without freeing the inodes from memory. A malicious user could then exploit this by caching the appraisal result, modifying the file, remounting fs as read-only, and then IMA would trust the cached appraisal result.
