On Thu, Feb 28, 2019 at 2:38 PM Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > > On Thu, Feb 28, 2019 at 1:59 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > On Thu, 2019-02-28 at 13:41 -0800, Matthew Garrett wrote: > > > If collect_type=get_hash and the filesystem doesn't support the > > > get_hash type, should the behaviour be to fall back to read? > > > > "get_hash" should be limited to a specific filesystem type and > > subtype. Based on the filesystem type and subtype, couldn't a warning > > be emitted at policy load time. > > The policy may be loaded before the filesystem is mounted, so even if > we added a capabilities mechanism we wouldn't be able to verify it. > There's also potentially cases where a filesystem could support hash > retrieval for some files but not others, and in that case we'd > probably want to fall back to reading the file. To be clear, I'm entirely happy to make this change - I'd just like to ensure that I do it the right way!
