On Mon, Jan 15, 2018 at 11:32:41AM -0500, Mimi Zohar wrote: > For XFS, which considers fsmagic numbers private to the filesystem, > *always* using the fsmagic number is wrong. As to whether this is > true for other filesystems is unclear. IMA policies have been defined > in terms of fsmagic numbers for a long time. fsmagic numbers were > moved from the filesystems to magic.h for this purpose. Someone would > have complained earlier if it is always wrong. > > I just posted a patch titled "ima: define new policy condition based > on the filesystem name" to allow policies to be defined in terms of > the i_sb->s_type->name. ima has no business looking at either the name _or_ the magic number.
