On Wed, 2019-12-18 at 17:56 +0100, Florent Revest wrote:
> On Wed, 2019-12-18 at 09:28 -0500, Mimi Zohar wrote:
> > [Cc'ing Matthew]
> >
> > > There's a major difference between returning just the file hash and
> > > making the integrity_iint_cache structure public.
>
> Certainly!
> I am new to this subsystem so I just wanted to get the discussion
> started. I am happy to make a more specific function.
>
> > > Peter Moody's original code queried the cache[1]. Why do you need
> > > access to the structure itself?
> > > FYI, if/when we get to IMA namespacing, the cache structure will
> > > change.
> > >
> > > [1] ima: add the ability to query ima for the hash of a given file.
> >
> > If you're using Peter's patch, or something similar, I'd appreciate
> > your taking the time to upstream it.
>
> Thank you for pointing me to Peter's patch! No one in my team was aware
> of his work on this. Ugh!
> It appears that Peter left the company while trying to upstream his
> patch and the situation just got stuck there for 4+ years now.
>
> If you are still positive about the idea of a ima_file_hash function, I
> will take his v6 patch (this is the latest I could find on the
> sourceforge archives of linux-ima-devel), rebase it, take your comments
> into account and send a new version by the end of the week.

Matthew also wasn't aware of Peter's patch, until I sent it to him. I
assume they're using it or something similar. Please coordinate with
him, before refreshing and posting the patch.

thanks,

Mimi