On Wed, 2018-02-21 at 16:53 -0600, Eric W. Biederman wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> writes:
>
> > On Mon, 2018-02-19 at 20:02 -0600, Eric W. Biederman wrote:
> >> It would also be nice if I could provide all of this information at
> >> mount time (when I am the global root) with mount options. So I don't
> >> need to update all of my tooling to know how to update ima policy when I
> >> am mounting a filesystem.
> >
> > The latest version of this patch relies on a builtin IMA policy to set
> > a flag. No other changes are required to the IMA policy. This
> > builtin policy could be used for environments not willing to accept
> > the default unverifiable signature risk.
>
> I still remain puzzled by this. Why is the default to accept the risk?

Accepting the risk is option 2, the privileged mount scenario. It
requires re-evaluating the cached info.

Mimi