Re: [PATCH v2 00/15] ima: digest list feature

On Thu, Nov 9, 2017 at 4:51 AM, Roberto Sassu <roberto.sa...@huawei.com> wrote: > On 11/8/2017 4:48 PM, Matthew Garrett wrote: >> The code doing the parsing is in the initramfs, which has already been >> measured at boot time. You can guarantee that it's being do

Re: [PATCH v2 00/15] ima: digest list feature

On Wed, Nov 8, 2017 at 7:00 AM, Roberto Sassu <roberto.sa...@huawei.com> wrote: > On 11/7/2017 7:06 PM, Matthew Garrett wrote: >> But we're still left in a state where the kernel has to end up >> supporting a number of very niche formats, and userland agility is >>

Re: [PATCH v2 00/15] ima: digest list feature

On Tue, Nov 7, 2017 at 12:53 PM, Roberto Sassu <roberto.sa...@huawei.com> wrote: > On 11/7/2017 3:49 PM, Matthew Garrett wrote: >> RPM's hardly universal, and distributions are in the process of moving >> away from using it for distributing non-core applications (Flatpak and

Re: [PATCH v2 00/15] ima: digest list feature

On Tue, Nov 7, 2017 at 2:36 AM, Roberto Sassu wrote: > Finally, digest lists address also the third issue because Linux > distribution vendors already provide the digests of files included in each > RPM package. The digest list is stored in the RPM header, signed by the