Can you please point me to the patchset email? Thanks, Dmitry On Fri, Oct 13, 2017 at 2:09 AM, Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx> wrote: > Hi all, > > [switched to plain text] > > I will check Mikhail's patches. > Give me a moment. > > Thanks, > Dmitry > > > On Tue, Oct 10, 2017 at 10:07 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: >> On Tue, 2017-10-10 at 02:10 +0300, Mikhail Kurinnoi wrote: >>> For now, we don't have ready for upstream "immutable" EVM signature >>> format support patch. Both, Dmitry's and my, patches need more work >>> in order to prevent file's data changes (in case of IMA hash) and >>> metadata changes for files signed by "immutable" EVM xattr (same idea >>> as we already have for IMA digsig, that prevent file's data change). >> >> After looking at your patches again, I think we should combine the >> "immutable" and "portable" concepts so that the new "portable" >> signature type is written out and considered "immutable". >> >> Dmitry's patch does prevent the file from changing, but that code is >> in IMA, but should be in EVM. I agree we can defer preventing the >> file from changing. >> >> Mimi >> > > > > -- > Thanks, > Dmitry -- Thanks, Dmitry
