Re: RFC: Make it practical to ship EVM signatures

On Tue, 2017-10-10 at 02:10 +0300, Mikhail Kurinnoi wrote:
> For now, we don't have ready for upstream "immutable" EVM signature
> format support patch. Both, Dmitry's and my, patches need more work
> in order to prevent file's data changes (in case of IMA hash) and
> metadata changes for files signed by "immutable" EVM xattr (same idea
> as we already have for IMA digsig, that prevent file's data change).

After looking at your patches again, I think we should combine the
"immutable" and "portable" concepts so that the new "portable"
signature type is written out and considered "immutable". 

Dmitry's patch does prevent the file from changing, but that code is
in IMA, but should be in EVM.  I agree we can defer preventing the
file from changing.

Mimi



