Hi Sascha,

On Mon, 2018-02-26 at 15:23 +0100, Sascha Hauer wrote:
> Hi All,
>
> When a filesystem is remounted from rw to ro then
> sb_prepare_remount_readonly() is called. After this call there shouldn't
> be any writers left on the filesystem. However, IMA/EVM is not aware of
> this as it never calls mnt_want_write[_file](), but only looks at the
> MS_RDONLY superblock flag before writing to its xattrs. This flag is
> only changed after sb->s_op->remount_fs() is called. As a consequence
> IMA/EVM still updates xattrs while the filesystem is going to readonly
> mode.
>
> We observed that on a 4.0 Kernel in conjunction with UBIFS, but the
> relevant code in IMA/EVM still looks the same so I assume it's present
> in the current kernel as well.
>
> UBIFS calculates its free space before and after the remount_fs op and
> if there's a difference it prints a backtrace (dbg_check_space_info:
> free space changed from x to y). We see this backtrace sometimes when
> remounting the fs readonly. If I understand the situation correctly this
> is not UBIFS's fault, right? Any hint what we can do about it?

Not updating the file hashes could result in verification errors. I
would classify updating the xattrs as working as designed. Wouldn't you?

Perhaps the files changing should not be included in the IMA-appraisal
policy?

Mimi
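The window Sascha describes, as an added illustration that is not part of this thread and not kernel code: a small userspace model of the VFS write-protection handshake (mnt_want_write()/mnt_drop_write() on one side, sb_prepare_remount_readonly() followed by remount_fs() and the MS_RDONLY flip on the other). The struct layouts, the single-mount simplification, the absence of locking, and the two writer functions (xattr_write_flag_only() modelled on the IMA/EVM behaviour described above, xattr_write_with_want_write() as the contrasting writer) are assumptions made for the model; the real kernel uses per-mount writer counts, MNT_WRITE_HOLD and memory barriers.

```c
/*
 * Simplified userspace model (not kernel code) of the interplay between
 * mnt_want_write() and a rw->ro remount.  The point it shows: a writer
 * that only looks at MS_RDONLY can still write after
 * sb_prepare_remount_readonly() has run, because that flag is flipped
 * only after remount_fs(); a writer that takes mnt_want_write() is
 * refused with -EROFS in that window, and a remount attempted while such
 * a writer is active fails with -EBUSY.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MS_RDONLY 1u

struct super_block {
    unsigned long s_flags;      /* MS_RDONLY is set only after remount_fs() */
    bool s_readonly_remount;    /* set once the ro remount has begun */
};

struct vfsmount {
    struct super_block *mnt_sb;
    int mnt_writers;            /* active mnt_want_write() holders */
};

/* Model of mnt_want_write(): refuse once a ro remount is in progress
 * or the superblock is already read-only. */
static int mnt_want_write(struct vfsmount *mnt)
{
    mnt->mnt_writers++;
    if (mnt->mnt_sb->s_readonly_remount ||
        (mnt->mnt_sb->s_flags & MS_RDONLY)) {
        mnt->mnt_writers--;
        return -EROFS;
    }
    return 0;
}

static void mnt_drop_write(struct vfsmount *mnt)
{
    mnt->mnt_writers--;
}

/* Model of sb_prepare_remount_readonly(): fail if a writer still holds a
 * reference, otherwise mark the remount as begun so that later
 * mnt_want_write() calls fail. */
static int sb_prepare_remount_readonly(struct vfsmount *mnt)
{
    if (mnt->mnt_writers > 0)
        return -EBUSY;
    mnt->mnt_sb->s_readonly_remount = true;
    return 0;
}

/* Model of the tail of the remount path: the filesystem's remount_fs op
 * would run here (UBIFS checks its free space around it), and only then
 * is the superblock flag flipped. */
static void finish_remount_readonly(struct vfsmount *mnt)
{
    mnt->mnt_sb->s_flags |= MS_RDONLY;
    mnt->mnt_sb->s_readonly_remount = false;
}

/* Writer modelled on IMA/EVM as described in the thread: it consults
 * only MS_RDONLY before updating an xattr (hypothetical helper). */
static int xattr_write_flag_only(struct vfsmount *mnt, int *writes)
{
    if (mnt->mnt_sb->s_flags & MS_RDONLY)
        return -EROFS;
    (*writes)++;
    return 0;
}

/* Contrasting writer that takes the write reference first
 * (hypothetical helper). */
static int xattr_write_with_want_write(struct vfsmount *mnt, int *writes)
{
    int err = mnt_want_write(mnt);
    if (err)
        return err;
    (*writes)++;
    mnt_drop_write(mnt);
    return 0;
}

/* Scenario 1: the remount has passed sb_prepare_remount_readonly() but
 * remount_fs() has not run yet.  Returns how many writes landed in that
 * window (-1 if the model's prepare step unexpectedly failed). */
static int writes_in_remount_window(bool use_want_write)
{
    struct super_block sb = {0};
    struct vfsmount mnt = { &sb, 0 };
    int writes = 0;

    if (sb_prepare_remount_readonly(&mnt) != 0)
        return -1;
    if (use_want_write)
        xattr_write_with_want_write(&mnt, &writes);
    else
        xattr_write_flag_only(&mnt, &writes);
    finish_remount_readonly(&mnt);
    return writes;
}

/* Scenario 2: a writer still holds mnt_want_write() when the remount is
 * attempted; the prepare step must refuse with -EBUSY. */
static int remount_with_active_writer(void)
{
    struct super_block sb = {0};
    struct vfsmount mnt = { &sb, 0 };
    int err;

    if (mnt_want_write(&mnt) != 0)
        return -1;
    err = sb_prepare_remount_readonly(&mnt);
    mnt_drop_write(&mnt);
    return err;
}

int main(void)
{
    printf("flag-only writer, writes during remount window: %d\n",
           writes_in_remount_window(false));
    printf("mnt_want_write writer, writes during remount window: %d\n",
           writes_in_remount_window(true));
    printf("remount with active writer returns: %d (-EBUSY is %d)\n",
           remount_with_active_writer(), -EBUSY);
    return 0;
}
```

The flag-only writer lands exactly one write inside the window, which is the situation that makes UBIFS's free-space accounting differ across remount_fs(); the mnt_want_write() writer gets -EROFS there, and a remount racing an active mnt_want_write() holder is refused with -EBUSY rather than proceeding.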