On Wed, 2017-11-01 at 10:54 -0700, Matthew Garrett wrote: > Ok, thinking about this some more, I think I'm conflating two > independent things here. Whether the extended attributes and file > contents are modifiable is a matter of policy rather than something > that should be tied to the signature format, so I think the approach > that makes sense is to make the portable signatures immutable (as > previously discussed) So updating any file metadata, including security xattrs, included in the signature will not cause the security.evm to change. The file metadata will be permited to change. > and then allow userland to define a policy that > permits modification of the protected metadata. I'll split this up and > retest. This subsequent patch will define a method for preventing the file metadata included in the signature from changing as well. Where is this policy? Do you mean a build or runtime configuration?
