Thread (2 messages, 2 authors), 2018-07-05

Re: ima: why IMA_APPRAISE_DIRECTORIES patch is not mainlined

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2018-07-05 15:16:56

[CC'ing Dave Chinner, Ted Tso]

Hi Rishi,

On Thu, 2018-07-05 at 16:08 +0530, rishi gupta wrote:
Hi Dmitry and security team members,

I am willing to take the directory protection IMA patch into a commercial
product, but observed that it has not been mainlined. Is there any reason
for not mainlining it? Are there any better options for protecting
directories using IMA/EVM or some other security schemes?

https://lwn.net/Articles/512364/
https://kernel.googlesource.com/pub/scm/linux/kernel/git/kasatkin/linux-digsig/+/ima-dir-experimental/security/integrity/ima/ima_dir.c

The main purpose of the IMA-directory patch set is to protect file
names from offline attack.  Dmitry's patch set protects file names at
the immediate directory level, but does not extend up to the root
directory.  I brought up the topic of protecting file names at
LSF/MM[1].  Others in the community are aware of the problem and need
to be involved in the discussions as to how to address it.

[1] https://lwn.net/Articles/753276/

Mimi
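The gap Mimi describes, a per-directory measurement that covers the immediate entries but does not extend up to the root, can be made concrete with a small model. The following is an added example written for this page; it is not Dmitry's ima_dir.c or any kernel code. The digest layout (SHA-256 over sorted name plus inode number per directory, and a "chained" variant that folds every ancestor's digest from the root down) is an assumption chosen purely for illustration. The demo builds a constructed tree root/a/b/f, renames the file inside b, then renames the parent directory a, and reports which change each digest notices.

```python
"""Illustrative model of directory-name integrity measurement.

Assumptions (constructed for this example, not the kernel's IMA-directory
format): one directory is measured as SHA-256 over its sorted entries, each
entry being "name\\0inode"; the chained variant additionally folds in the
digest of every directory from the root down to the measured one.
"""
import hashlib
import os
import tempfile


def directory_digest(path):
    """Digest over the immediate entries of one directory only."""
    h = hashlib.sha256()
    for name in sorted(os.listdir(path)):
        ino = os.lstat(os.path.join(path, name)).st_ino
        h.update(name.encode() + b"\0" + ino.to_bytes(8, "little"))
    return h.hexdigest()


def chained_digest(root, path):
    """Fold the per-directory digest of root and every directory on the
    way down to `path`, so a change at any ancestor level is reflected."""
    rel = os.path.relpath(path, root)
    parts = [] if rel == "." else rel.split(os.sep)
    h = hashlib.sha256()
    cur = root
    h.update(directory_digest(cur).encode())
    for part in parts:
        cur = os.path.join(cur, part)
        h.update(part.encode() + b"\0" + directory_digest(cur).encode())
    return h.hexdigest()


def demo():
    """Build a constructed tree root/a/b/f and compare what each digest
    detects. Returns a dict of booleans for the three checks."""
    with tempfile.TemporaryDirectory() as root:
        b = os.path.join(root, "a", "b")
        os.makedirs(b)
        open(os.path.join(b, "f"), "w").close()

        before_local = directory_digest(b)
        before_chain = chained_digest(root, b)

        # Change 1: a file inside b is renamed. The immediate-level digest
        # covers b's own entries, so it changes.
        os.rename(os.path.join(b, "f"), os.path.join(b, "g"))
        after_local_1 = directory_digest(b)
        os.rename(os.path.join(b, "g"), os.path.join(b, "f"))  # restore

        # Change 2: the parent directory a is renamed to a2. b's own entries
        # (name and inode of f) are untouched, so the immediate-level digest
        # of b is unchanged; only the root-anchored chain notices.
        os.rename(os.path.join(root, "a"), os.path.join(root, "a2"))
        b2 = os.path.join(root, "a2", "b")
        after_local_2 = directory_digest(b2)
        after_chain_2 = chained_digest(root, b2)

        return {
            "file_rename_detected_locally": after_local_1 != before_local,
            "dir_rename_detected_locally": after_local_2 != before_local,
            "dir_rename_detected_chained": after_chain_2 != before_chain,
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running it prints that the file rename is detected locally, the parent-directory rename is not detected by b's own digest, and the chained digest catches it. That is the distinction in the reply above: measuring each directory in isolation leaves the path from the root unprotected, which is why the wider filesystem community needs to weigh in on how a root-anchored scheme should look.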