[CC'ing Dave Chinner, Ted Tso]

Hi Rishi,

On Thu, 2018-07-05 at 16:08 +0530, rishi gupta wrote:
> Hi Dmitry and security team members,
>
> I am willing to take directory protection ima patch in a commercial
> product, but observed that it has not been mainlined. Is there any reason
> for not mainlining it? Are there any better options for protecting
> directory using IMA/EVM or some other security schemes?
>
> https://lwn.net/Articles/512364/
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/kasatkin/linux-digsig/+/ima-dir-experimental/security/integrity/ima/ima_dir.c

The main purpose of the IMA-directory patch set is to protect file
names from offline attack. Dmitry's patch set protects file names at
the immediate directory level, but does not extend up to the root
directory.

I brought up the topic of protecting file names at LSF/MM[1]. Others
in the community are aware of the problem and need to be involved in
the discussions as to how to address it.

[1] https://lwn.net/Articles/753276/

Mimi