[PATCH v2 3/4] ima: fail signature verification based on policy
From: Mimi Zohar <hidden>
Date: 2018-03-02 21:10:27
Also in: linux-fsdevel, linux-integrity
On Wed, 2018-02-28 at 09:30 -0600, Serge E. Hallyn wrote:
> Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):
> > On Tue, 2018-02-27 at 16:35 -0600, Serge E. Hallyn wrote:
> > > Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):
> > > > This patch addresses the fuse privileged mounted filesystems in
> > > > environments which are unwilling to accept the risk of trusting the
> > > > signature verification and want to always fail safe, but are for
> > > > example using a pre-built kernel. This patch defines a new builtin
> > > > policy "unverifiable_sigs", which can
> > >
> > > How about recalc_unverifiable_sigs?
> >
> > Cute, I really like that name, but in this case we're failing the
> > signature verification.
> >
> > > It's long, but unverifiable_sigs is not clear about whether the
> > > intent is to accept or recalculate them. (or fail_unverifiable_sigs
> > > like the flag)
> >
> > Could we abbreviate it to "fail_usigs"? Or perhaps allow both
> > "fail_unverifiable_sigs" and "fail_usigs".
>
> That sounds good. Or fail_unverified? But so long as 'fail' is
> somehow clearly implied by the name.

None of these names mean anything to anyone but us. How about "fail_safe"? That at least has some meaning to some people.

Mimi