Maybe Mikhail could share GIT url to look somewhere.
To see latest bits.

Dmitry

On Wed, Oct 18, 2017 at 11:30 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 2017-10-18 at 22:48 +0300, Dmitry Kasatkin wrote:
>> Can you please point me to the patchset email?
>
> This was the start of the lengthy discussion -
> https://www.spinics.net/lists/linux-integrity/msg00035.html
>
>>
>> On Fri, Oct 13, 2017 at 2:09 AM, Dmitry Kasatkin
>> <dmitry.kasatkin@xxxxxxxxx> wrote:
>> > Hi all,
>> >
>> > [switched to plain text]
>> >
>> > I will check Mikhail's patches.
>> > Give me a moment.
>> >
>> > Thanks,
>> > Dmitry
>> >
>> >
>> > On Tue, Oct 10, 2017 at 10:07 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>> >> On Tue, 2017-10-10 at 02:10 +0300, Mikhail Kurinnoi wrote:
>> >>> For now, we don't have ready for upstream "immutable" EVM signature
>> >>> format support patch. Both, Dmitry's and my, patches need more work
>> >>> in order to prevent file's data changes (in case of IMA hash) and
>> >>> metadata changes for files signed by "immutable" EVM xattr (same idea
>> >>> as we already have for IMA digsig, that prevent file's data change).
>> >>
>> >> After looking at your patches again, I think we should combine the
>> >> "immutable" and "portable" concepts so that the new "portable"
>> >> signature type is written out and considered "immutable".
>> >>
>> >> Dmitry's patch does prevent the file from changing, but that code is
>> >> in IMA, but should be in EVM. I agree we can defer preventing the
>> >> file from changing.
>> >>
>> >> Mimi
>> >>
>> >
>> >
>> >
>> > --
>> > Thanks,
>> > Dmitry
>>
>>
>

--
Thanks,
Dmitry