Re: [PATCH 2/3] IMA: Make use of filesystem-provided hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Oct 14, 2018 at 6:38 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Fri, 2018-10-12 at 11:31 -0700, Matthew Garrett wrote:
> > There's a couple of ways. We could extend the filesystem type matching
> > logic to also check the subtype - you'd then need to enforce that at
> > the LSM level in order to protect against untrusted filesystems
> > spoofing the filesystem type. Alternatively, we could add an
> > additional policy match type for mount point and iterate through
> > s_mounts on the superblock - if any match, we could define the policy
> > there?
>
> The first method differentiates between different subtypes of FUSE
> filesystems, while the second method allows differentiating between
> the same type and subtype on different mount points.  Both criteria
> are needed, but instead of the second method based on a mount point,
> perhaps based instead on a mount flag?

Patch 3 already requires that the allow_gethash option be passed for
this to work - I can restrict that to CAP_SYS_ADMIN?

> Trusted mount of permitted filesystem type and subtype, that is
> mounted with the defined mount flag.

Ok, I'll write up a patch that allows policy matching of filesystem
subtype as well as type and try to get that posted this week so we can
discuss it in Edinburgh?



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux