[PATCH v2 10/10] ima: use existing read file operation method to calculate file hash

[PATCH v2 00/10] define new fs integrity_read method · Mimi Zohar <hidden> · 2017-06-21
[PATCH v2 05/10] tmpfs: define integrity_read method · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 05/10] tmpfs: define integrity_read method · Christoph Hellwig <hch@lst.de> · 2017-06-28
Re: [PATCH v2 05/10] tmpfs: define integrity_read method · Mimi Zohar <hidden> · 2017-07-06
[PATCH v2 01/10] ima: always measure and audit files in policy · Mimi Zohar <hidden> · 2017-06-21
[PATCH v2 02/10] ima: use fs method to read integrity data · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 02/10] ima: use fs method to read integrity data · Christoph Hellwig <hch@lst.de> · 2017-06-28
[PATCH v2 03/10] ima: define "dont_failsafe" policy action rule · Mimi Zohar <hidden> · 2017-06-21
[PATCH v2 04/10] ima: define "fs_unsafe" builtin policy · Mimi Zohar <hidden> · 2017-06-21
[PATCH v2 06/10] fs: define integrity_read method for ext2, gfs2, f2fs, jfs, ramfs · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 06/10] fs: define integrity_read method for ext2, gfs2, f2fs, jfs, ramfs · Christoph Hellwig <hch@lst.de> · 2017-06-28
[PATCH v2 08/10] jffs2: define integrity_read method · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 08/10] jffs2: define integrity_read method · Christoph Hellwig <hch@lst.de> · 2017-06-28
[PATCH v2 07/10] ocfs2: define integrity_read method · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 07/10] ocfs2: define integrity_read method · Christoph Hellwig <hch@lst.de> · 2017-06-28
[PATCH v2 10/10] ima: use existing read file operation method to calculate file hash · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 10/10] ima: use existing read file operation method to calculate file hash · Christoph Hellwig <hch@lst.de> · 2017-06-28
Re: [PATCH v2 10/10] ima: use existing read file operation method to calculate file hash · Mimi Zohar <hidden> · 2017-07-05
Re: [PATCH v2 10/10] ima: use existing read file operation method to calculate file hash · Matthew Garrett <mjg59@srcf.ucam.org> · 2017-07-05
Re: [PATCH v2 10/10] ima: use existing read file operation method to calculate file hash · Christoph Hellwig <hch@lst.de> · 2017-07-05
[PATCH v2 09/10] ubifs: define integrity_read method · Mimi Zohar <hidden> · 2017-06-21
Re: [PATCH v2 09/10] ubifs: define integrity_read method · Christoph Hellwig <hch@lst.de> · 2017-06-28

From: mjg59@srcf.ucam.org (Matthew Garrett)
Date: 2017-07-05 17:52:27
Also in: linux-fsdevel

On Wed, Jul 05, 2017 at 10:50:09AM -0400, Mimi Zohar wrote:

[Cc'ing linux-ima-users]

On Wed, 2017-06-28 at 16:41 +0200, Christoph Hellwig wrote:

quoted

NAK - we'll need an explicit method for the integrity code.

And just curious - what filesystem that you care about actually
implements ->read instead of ->read_iter?  We shouldn't be doing that
for real file systems anymore.

Right, pseudo filesystems are using ->read. The existing builtin
measurement policies exclude a number of pseudo filesystems, but not
efivarfs. ?Unfortunately, we do not know what type of custom policies
are currently being used.

efi variables contain information that may influence userspace behaviour 
and can also be modified out of band, so I think there's a reasonable 
argument that they should be measured.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help