On Mon, 2018-01-15 at 06:48 -0800, Christoph Hellwig wrote: > On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote: > > In case of FUSE filesystem, cached integrity results in IMA could be > > reused, when the userspace FUSE process has changed the > > underlying files. To be able to avoid such cases, we need to turn on > > the force option in builtin policies, for actions of measure and > > appraise. Then integrity values become re-measured and re-appraised. > > In that way, cached integrity results won't be used. > > The same is true for any distributed file system. Checking for magic > numbers is always the wrong thing. You'll need flags for specific > behavior in struct file_system_type instead. For XFS, which considers fsmagic numbers private to the filesystem, *always* using the fsmagic number is wrong. As to whether this is true for other filesystems is unclear. IMA policies have been defined in terms of fsmagic numbers for a long time. fsmagic numbers were moved from the filesystems to magic.h for this purpose. Someone would have complained earlier if it is always wrong. I just posted a patch titled "ima: define new policy condition based on the filesystem name" to allow policies to be defined in terms of the i_sb->s_type->name. Mimi
