On Wed, 2018-02-28 at 09:30 -0600, Serge E. Hallyn wrote:
> Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx):
> > On Tue, 2018-02-27 at 16:35 -0600, Serge E. Hallyn wrote:
> > > Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx):
> > > > This patch addresses the fuse privileged mounted filesystems in
> > > > environments which are unwilling to accept the risk of trusting the
> > > > signature verification and want to always fail safe, but are for
> > > > example using a pre-built kernel.
> > > >
> > > > This patch defines a new builtin policy "unverifiable_sigs", which can
> > >
> > > How about recalc_unverifiable_sigs?
> >
> > Cute, I really like that name, but in this case we're failing the
> > signature verification.
> >
> > > It's long, but unverifiable_sigs
> > > is not clear about whether the intent is to accept or recalculate them.
> > >
> > > (or fail_unverifiable_sigs like the flag)
> >
> > Could we abbreviate it to "fail_usigs"? Or perhaps allow both
> > "fail_unverifiable_sigs" and "fail_usigs".
>
> That sounds good. Or fail_unverified? But so long as 'fail' is somehow
> clearly implied by the name.

None of these names mean anything to anyone but us. How about
"fail_safe"? That at least has some meaning to some people.

Mimi