On Tue, Dec 11, 2012 at 7:55 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Dec 11, 2012 at 9:40 AM, Kasatkin, Dmitry > <dmitry.kasatkin@xxxxxxxxx> wrote: >>> >>> Quite frankly, this seems stupid. >> >> What exactly seems stupid here? > > What I said. Go back and read it. I gave three reasons. Why do you ask? > > I'll give one more reason, but you probably won't read *this* email > either, will you? > >> There are different filesystems which are not checked by IMA/EVM, >> such as pseudo-filesystems. > > Did you read my email? > > There are probably *also* individual that aren't checked by IMA/EVM > even on filesystems that *do* check other files. > > No? > > And your "pseudo-filesystems" argument is pretty stupid too, since WE > ALREADY HAVE A FLAG FOR THAT! > > Guess where it is? Oh, it's in the place I already mentioned makes > more sense. Look for S_PRIVATE in inode->i_flags, and IS_PRIVATE() in > users. It's what the other security models already use to avoid > bothering calling down to the security layers. The fact that the > integrity layer bypasses the normal security layer in > ima_file_check(), for example, is no excuse to then make up totally > new flags. Actually S_PRIVATE does not work work for normal filesystems which IMA might want to ignore. > > So let me repeat: adding a new superblock flag seems STUPID. Why is it > in a completely different place than all the other flags that we > already have for these kinds of things? Why should we add a new field, > when we have existing fields that seem to do exactly this, do it > better, and are already used? > > And don't ask me why without reading this email. OK? > > Linus -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
