[PATCH v2 00/15] ima: digest list feature

[PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 06/15] ima: add parser of digest lists metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
Re: [PATCH v2 06/15] ima: add parser of digest lists metadata · "Serge E. Hallyn" <serge@hallyn.com> · 2017-11-18
Re: [PATCH v2 06/15] ima: add parser of digest lists metadata · Mimi Zohar <hidden> · 2017-11-18
Re: [PATCH v2 06/15] ima: add parser of digest lists metadata · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-20
Re: [PATCH v2 06/15] ima: add parser of digest lists metadata · Mimi Zohar <hidden> · 2017-11-20
Re: [PATCH v2 06/15] ima: add parser of digest lists metadata · "Serge E. Hallyn" <serge@hallyn.com> · 2017-11-20
[PATCH v2 09/15] ima: introduce securityfs interfaces for digest lists · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 01/15] ima: generalize ima_read_policy() · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 02/15] ima: generalize ima_write_policy() · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 03/15] ima: generalize policy file operations · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 04/15] ima: use ima_show_htable_value to show hash table data · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 05/15] ima: add functions to manage digest lists · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 07/15] ima: add parser of compact digest list · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 08/15] ima: add parser of RPM package headers · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 10/15] ima: disable digest lookup if digest lists are not checked · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 11/15] ima: add policy action digest_list · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 12/15] ima: do not update security.ima if appraisal status is not INTEGRITY_PASS · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
Re: [PATCH v2 12/15] ima: do not update security.ima if appraisal status is not INTEGRITY_PASS · "Serge E. Hallyn" <serge@hallyn.com> · 2017-11-18
[PATCH v2 13/15] evm: add kernel command line option to select protected xattrs · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 14/15] ima: add support for appraisal with digest lists · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
[PATCH v2 15/15] ima: add Documentation/security/IMA-digest-lists.txt · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Mimi Zohar <hidden> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Kees Cook <hidden> · 2017-11-17
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-17
Re: [PATCH v2 00/15] ima: digest list feature · Mimi Zohar <hidden> · 2017-11-17
Re: [PATCH v2 00/15] ima: digest list feature · Matthew Garrett <hidden> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Matthew Garrett <hidden> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-08
Re: [PATCH v2 00/15] ima: digest list feature · Matthew Garrett <hidden> · 2017-11-08
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-09
Re: [PATCH v2 00/15] ima: digest list feature · Matthew Garrett <hidden> · 2017-11-09
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-09
Re: [PATCH v2 00/15] ima: digest list feature · Matthew Garrett <hidden> · 2017-11-09
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-09
Re: [PATCH v2 00/15] ima: digest list feature · Mimi Zohar <hidden> · 2017-11-09
RE: [PATCH v2 00/15] ima: digest list feature · Safford, David (GE Global Research, US) <hidden> · 2017-11-07
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-11-08
Re: [PATCH v2 00/15] ima: digest list feature · Ken Goldman <hidden> · 2017-12-05
Re: [PATCH v2 00/15] ima: digest list feature · Roberto Sassu <roberto.sassu@huawei.com> · 2017-12-06

From: Matthew Garrett <hidden>
Date: 2017-11-07 14:49:22
Also in: linux-fsdevel, linux-integrity, lkml

On Tue, Nov 7, 2017 at 2:36 AM, Roberto Sassu [off-list ref] wrote:

Finally, digest lists address also the third issue because Linux
distribution vendors already provide the digests of files included in each
RPM package. The digest list is stored in the RPM header, signed by the
vendor.

RPM's hardly universal, and distributions are in the process of moving
away from using it for distributing non-core applications (Flatpak and
Snap are becoming increasingly popular here). I think this needs to be
a generic solution rather than having the kernel tied to a specific
package format.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help