Hi Mimi,
On Tue, Jan 16, 2018 at 12:23 PM, Mimi Zohar wrote:
> On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote:
>> Since yesterday Alban and I have been working on a different approach
>> that does not depend on IMA rules, nor fsmagic. Please see:
>> https://www.mail-archive.com/linux-kernel
On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote:
> Hi,
>
> On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park wrote:
> > In case of FUSE filesystem, cached integrity results in IMA could be
> > reused, when the userspace FUSE process has changed the
> > underlying files. To be able to avoid such c
Hi,
On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park wrote:
> In case of FUSE filesystem, cached integrity results in IMA could be
> reused, when the userspace FUSE process has changed the
> underlying files. To be able to avoid such cases, we need to turn on
> the force option in builtin policies, f
On Mon, 2018-01-15 at 09:18 -0800, Christoph Hellwig wrote:
> On Mon, Jan 15, 2018 at 11:32:41AM -0500, Mimi Zohar wrote:
> > For XFS, which considers fsmagic numbers private to the filesystem,
> > *always* using the fsmagic number is wrong. As to whether this is
> > true for other filesystems is
On Mon, Jan 15, 2018 at 11:32:41AM -0500, Mimi Zohar wrote:
> For XFS, which considers fsmagic numbers private to the filesystem,
> *always* using the fsmagic number is wrong. As to whether this is
> true for other filesystems is unclear. IMA policies have been defined
> in terms of fsmagic numbe
On Mon, 2018-01-15 at 06:48 -0800, Christoph Hellwig wrote:
> On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote:
> > In case of FUSE filesystem, cached integrity results in IMA could be
> > reused, when the userspace FUSE process has changed the
> > underlying files. To be able to avoid s
On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote:
> In case of FUSE filesystem, cached integrity results in IMA could be
> reused, when the userspace FUSE process has changed the
> underlying files. To be able to avoid such cases, we need to turn on
> the force option in builtin policies
In case of FUSE filesystem, cached integrity results in IMA could be
reused, when the userspace FUSE process has changed the
underlying files. To be able to avoid such cases, we need to turn on
the force option in builtin policies, for actions of measure and
appraise. Then integrity values become r
8 matches
Mail list logo