Just addressing this one comment from a process point of view; I'll come back to the technical part later. On Sat, 2018-01-27 at 21:46 -0500, Theodore Ts'o wrote: > (And then you can get some of the "the IMA people are insane" taint > on yourself. :-) Can we please stop it with the "all IMA people are insane" mantra. I think we've created this problem, for all security people not just IMA, ourselves to some extent: We think they're insane, so we don't listen to what they want. They go and implement a complicated layering system to get what they need and we congratulate ourselves that they were insane because of the tasteless layering violations they've just committed. The average security person, as ably created by us, has a mind that automatically thinks in terms of convoluted external layering, for which we just drive them further away. IMA has demonstrated a willingness to work with fs people to try to clean up the layering problems over the past year or so, including attending the last LSF/MM to discuss it. Sure, they're going to have relapses into the layering mindset (fstype policies springs to mind), but the test is their willingness to listen to the correct way of doing things, which I think they're currently passing. Why don't you try working with them instead of starting from the a- priori axiom that you can't because they're insane? They do have years of experience of what the industry is looking for in security terms, which we should make use of. Doing security ourselves because we can't work with security people is a recipe for eventual tears. James
