On Tue, Apr 11, 2017 at 11:08:47PM -0700, Christoph Hellwig wrote:
> On Wed, Apr 12, 2017 at 08:05:34AM +0200, Oleksij Rempel wrote:
> > The code seems to confirm it. So I assumed that IMA doesn't care if
> > i_version is stored to disk or not. And i_version is the only way
> > to notify IMA about inode changes.
> > Since the IMA documentation explicitly sets i_version as a requirement,
> > this option was provided as well.
>
> Maybe IMA doesn't care, but if you set MS_I_VERSION the fs does give
> a guarantee. So NAK on this patch as-is.

Ok, it was an expected NACK :)
Suddenly, right now I don't have a good idea to solve it.
IMA just wants to know if some runtime changes were made to the FS.

Currently I can imagine the following variants:
- rework IMA
- add MS_I_TEMP_VERSION and keep using i_version for it.
- add a new variable for external use only. For example:
  ima_rt_i_version, or something like this.

Other ideas?

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |