Re: Allow FUSE filesystems to provide out-of-band hashes to IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 9, 2018 at 1:52 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> > The performance hit is more noticeable over remote filesystems, but we
> > have large binaries that take several seconds to hash even on local
> > filesystems. Would it be helpful to try to define the assumptions that
> > IMA makes in terms of whether or not it produces trustworthy results?
> > It feels like it's be easier to talk about this if we have a more
> > formal set of conditions to take into consideration.
>
> [Cc'ing Chuck Lever]
>
> Integrity of files on remote filesystems should probably be discussed
> in the context of fs-verity, not FUSE filesystems.

Hm. We /could/ fake up fs-verity style behaviour, but we're not
talking about files that are expected to be immutable so it would seem
like there might be mismatched semantics there.

> Do you want to continue the discussion here or perhaps as an LSS-EU
> BoF?

This is something that's causing us pain at the moment, so if there's
any chance we can reach a resolution over the next couple of weeks
then I'd like to continue discussing it :)



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux