Re: [PATCH V2 3/4] IMA: Optionally make use of filesystem-provided hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
> > index 09a5def7e28a..6a517282068d 100644
> > --- a/Documentation/ABI/testing/ima_policy
> > +++ b/Documentation/ABI/testing/ima_policy
> > @@ -24,7 +24,8 @@ Description:
> >  				[euid=] [fowner=] [fsname=] [subtype=]]
> >  			lsm:	[[subj_user=] [subj_role=] [subj_type=]
> >  				 [obj_user=] [obj_role=] [obj_type=]]
> > -			option:	[[appraise_type=]] [permit_directio]
> > +			option:	[[appraise_type=] [permit_directio]
> > +			         [trust_vfs]]
> 
> Let's generalize "trust_vfs" a bit.  How about introducing
> "collect_type=", with the default being reading and calculating the
> file hash?

The naming might be based on the VFS name (e.g vfs_read, vfs_get_hash)
or on the file_operations name (eg. read, get_hash).

Mimi




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux