Re: [PATCH V2 3/4] IMA: Optionally make use of filesystem-provided hashes


On Thu, 2019-04-04 at 14:46 -0700, Matthew Garrett wrote:
> On Thu, Mar 7, 2019 at 2:41 PM Matthew Garrett <mjg59@xxxxxxxxxx>
> wrote:
> > Yup, happy to get further feedback on this.
> 
> Anyone other than me and Mimi with thoughts here? :)

The obvious other thought is integration with fs-verity, which is a
filesystem-maintained, possibly signed merkle tree hash.  The problem
here is what does vfs_get_hash() actually mean?  The assumption seems
to be that it is the flat hash of the entire file which doesn't work
for merkle trees.  However, if it could be a representative hash of the
file which is produced however the filesystem decides, it could work
(well, unless the file is copied on to a different fs, of course ...).

James
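
An added illustration of the distinction raised in the message above, not code from the thread or from the kernel: the same bytes hashed flat and as a Merkle tree root give unrelated digests, and the root also changes with the tree parameters, which is why a filesystem-defined "representative hash" does not survive a copy to a filesystem that builds its tree differently. Assumptions: the names `flat_hash`, `merkle_root` and `compare` are hypothetical, and the tree is a simplified binary construction over SHA-256, not the fs-verity on-disk format.

```python
import hashlib

BLOCK = 4096  # assumed block size for the illustration


def flat_hash(data: bytes) -> str:
    """SHA-256 over the whole file contents: the 'flat hash of the entire file'."""
    return hashlib.sha256(data).hexdigest()


def merkle_root(data: bytes, block_size: int = BLOCK) -> str:
    """Root of a simplified binary Merkle tree over fixed-size blocks."""
    blocks = [data[i:i + block_size]
              for i in range(0, len(data), block_size)] or [b""]
    # Domain-separate leaves (0x00) from interior nodes (0x01).
    level = [hashlib.sha256(b"\x00" + b).digest() for b in blocks]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # an unpaired node is promoted unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()


def compare(data: bytes) -> dict:
    """Digests a caller could receive for the same contents under each scheme."""
    return {
        "flat": flat_hash(data),
        "merkle_4k": merkle_root(data, 4096),
        "merkle_1k": merkle_root(data, 1024),
    }


# Constructed sample "file": 10240 bytes, three 4 KiB blocks (last one partial).
SAMPLE = bytes(range(256)) * 40

if __name__ == "__main__":
    for name, digest in compare(SAMPLE).items():
        print(f"{name:10} {digest}")
```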



