On Tue, Oct 9, 2018 at 1:52 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > > The performance hit is more noticeable over remote filesystems, but we > > have large binaries that take several seconds to hash even on local > > filesystems. Would it be helpful to try to define the assumptions that > > IMA makes in terms of whether or not it produces trustworthy results? > > It feels like it's be easier to talk about this if we have a more > > formal set of conditions to take into consideration. > > [Cc'ing Chuck Lever] > > Integrity of files on remote filesystems should probably be discussed > in the context of fs-verity, not FUSE filesystems. Hm. We /could/ fake up fs-verity style behaviour, but we're not talking about files that are expected to be immutable so it would seem like there might be mismatched semantics there. > Do you want to continue the discussion here or perhaps as an LSS-EU > BoF? This is something that's causing us pain at the moment, so if there's any chance we can reach a resolution over the next couple of weeks then I'd like to continue discussing it :)
