On Thu, 2019-02-28 at 13:41 -0800, Matthew Garrett wrote:
> On Thu, Feb 28, 2019 at 10:05 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > > >
> > > > diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy > > > > index 09a5def7e28a..6a517282068d 100644 > > > > --- a/Documentation/ABI/testing/ima_policy > > > > +++ b/Documentation/ABI/testing/ima_policy > > > > @@ -24,7 +24,8 @@ Description: > > > > [euid=] [fowner=] [fsname=] [subtype=]] > > > > lsm: [[subj_user=] [subj_role=] [subj_type=] > > > > [obj_user=] [obj_role=] [obj_type=]] > > > > - option: [[appraise_type=]] [permit_directio] > > > > + option: [[appraise_type=] [permit_directio] > > > > + [trust_vfs]]
> > > >
> > > Let's generalize "trust_vfs" a bit. How about introducing
> > > "collect_type=", with the default being reading and calculating the
> > > file hash?
> >
> > The naming might be based on the VFS name (e.g. vfs_read, vfs_get_hash)
> > or on the file_operations name (e.g. read, get_hash).
>
> If collect_type=get_hash and the filesystem doesn't support the
> get_hash type, should the behaviour be to fall back to read?

"get_hash" should be limited to a specific filesystem type and subtype.
Based on the filesystem type and subtype, couldn't a warning be
emitted at policy load time?

Mimi
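
Review bot: on the "option:" line, [trust_vfs] is added to the rule grammar, but the visible hunk carries no text saying what the option changes or which filesystems it is valid for. Going by the thread, it replaces the default of reading the file and calculating the hash, so the ABI document should state that and say what happens when the filesystem cannot supply a hash, which is the fallback question raised above. The same line also moves [permit_directio] inside the outer brackets of the option group ("[[appraise_type=]] [permit_directio]" becomes "[[appraise_type=] [permit_directio] [trust_vfs]]"); please confirm that regrouping is intended rather than incidental.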