On Mon, Nov 16, 2020 at 09:37:32AM -0800, Linus Torvalds wrote:
> On Mon, Nov 16, 2020 at 8:47 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> >
> > This discussion seems to be going down the path of requiring an IMA
> > filesystem hook for reading the file, again. That solution was
> > rejected, not by me. What is new this time?
>
> You can't read a non-read-opened file. Not even IMA can.
>
> So don't do that then.
>
> IMA is doing something wrong. Why would you ever read a file that can't be read?
>
> Fix whatever "open" function instead of trying to work around the fact
> that you opened it wrong.

IMA pulls that crap on _every_ open(2), including O_WRONLY. As far as I'm
concerned, the only sane answer is not enabling that thing on your builds;
they are deeply special and I hadn't been able to reason with them no
matter how much I tried ;-/