Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Mimi Zohar
On Sat, 2018-02-17 at 16:26 -0800, h...@zytor.com wrote: > Do you have a description of the gaps you have identified? Probably the 2016 Linux Security Summit (LSS) integrity status update has the best list. http://events17.linuxfoundation.org/sites/events/files/slides/LSS2016-

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread hpa
On February 17, 2018 4:15:12 PM PST, Mimi Zohar wrote: >On Fri, 2018-02-16 at 12:59 -0800, H. Peter Anvin wrote: >> On 02/16/18 12:33, Taras Kondratiuk wrote: >> > Many of the Linux security/integrity features are dependent on file >> > metadata, stored as extended

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread hpa
On February 17, 2018 4:15:12 PM PST, Mimi Zohar wrote: >On Fri, 2018-02-16 at 12:59 -0800, H. Peter Anvin wrote: >> On 02/16/18 12:33, Taras Kondratiuk wrote: >> > Many of the Linux security/integrity features are dependent on file >> > metadata, stored as extended attributes (xattrs), for

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Mimi Zohar
On Fri, 2018-02-16 at 12:59 -0800, H. Peter Anvin wrote: > On 02/16/18 12:33, Taras Kondratiuk wrote: > > Many of the Linux security/integrity features are dependent on file > > metadata, stored as extended attributes (xattrs), for making decisions. > > These features need to be initialized during

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Rob Landley
On 02/16/2018 06:00 PM, h...@zytor.com wrote: > Introducing new, incompatible data formats is an inherently *very* > costly operation; unfortunately many engineers don't seem to have a good grip > of just *how* expensive it is (see "silly embedded nonsense hacks", "too > little, too soon".) So

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Taras Kondratiuk
Quoting h...@zytor.com (2018-02-16 16:00:36) > On February 16, 2018 1:47:35 PM PST, Victor Kamensky > wrote: > > > > > >On Fri, 16 Feb 2018, Rob Landley wrote: > > > >> > >> On 02/16/2018 02:59 PM, H. Peter Anvin wrote: > >>> On 02/16/18 12:33, Taras Kondratiuk wrote: >

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Taras Kondratiuk
Quoting h...@zytor.com (2018-02-16 16:00:36) > On February 16, 2018 1:47:35 PM PST, Victor Kamensky > wrote: > > > > > >On Fri, 16 Feb 2018, Rob Landley wrote: > > > >> > >> On 02/16/2018 02:59 PM, H. Peter Anvin wrote: > >>> On 02/16/18 12:33, Taras Kondratiuk wrote: > Many of the Linux

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-16 Thread hpa
On February 16, 2018 1:47:35 PM PST, Victor Kamensky wrote: > > >On Fri, 16 Feb 2018, Rob Landley wrote: > >> >> On 02/16/2018 02:59 PM, H. Peter Anvin wrote: >>> On 02/16/18 12:33, Taras Kondratiuk wrote: Many of the Linux security/integrity features are dependent on

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-16 Thread hpa
On February 16, 2018 1:47:35 PM PST, Victor Kamensky wrote: > > >On Fri, 16 Feb 2018, Rob Landley wrote: > >> >> On 02/16/2018 02:59 PM, H. Peter Anvin wrote: >>> On 02/16/18 12:33, Taras Kondratiuk wrote: Many of the Linux security/integrity features are dependent on file metadata,

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-16 Thread H. Peter Anvin
On 02/16/18 12:33, Taras Kondratiuk wrote: > Many of the Linux security/integrity features are dependent on file > metadata, stored as extended attributes (xattrs), for making decisions. > These features need to be initialized during initcall and enabled as > early as possible for complete

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-16 Thread Victor Kamensky
On Fri, 16 Feb 2018, Rob Landley wrote: On 02/16/2018 02:59 PM, H. Peter Anvin wrote: On 02/16/18 12:33, Taras Kondratiuk wrote: Many of the Linux security/integrity features are dependent on file metadata, stored as extended attributes (xattrs), for making decisions. These features need

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-16 Thread Rob Landley
On 02/16/2018 02:59 PM, H. Peter Anvin wrote: > On 02/16/18 12:33, Taras Kondratiuk wrote: >> Many of the Linux security/integrity features are dependent on file >> metadata, stored as extended attributes (xattrs), for making decisions. >> These features need to be initialized during initcall and

[PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-16 Thread Taras Kondratiuk
Many of the Linux security/integrity features are dependent on file metadata, stored as extended attributes (xattrs), for making decisions. These features need to be initialized during initcall and enabled as early as possible for complete security coverage. Initramfs (tmpfs) supports xattrs, but
