On Sun, Jan 26, 2020 at 7:01 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > > I don't think it is common, and probably not acceptable, for the
> > > kernel to open a file for writing.
> >
> > Ok. It just means that the kernel cannot do its own memory management
> > and will depend on the user flushing the memory often enough to
> > prevent something bad from happening. Is this more common in the
> > kernel than writing out a file?
>
> Ok, there are examples of both passing a file descriptor and passing a
> pathname from userspace, but even in the case of passing a pathname,
> userspace normally creates the file.

Sorry, I was slow to get your proposal. I'll try to see what that would
look like.

> There's been discussion in the past of defining an integrity
> capability. Are we at that point where we really do need to define an
> integrity capability or is everyone comfortable with relying on
> CAP_SYS_ADMIN?

Every time something like this is being proposed there is a lot of
shouting from people that they want their root user (renamed as
CAP_SYS_ADMIN) back. I'd be happy with such a bit and several others, too.

> When implementing this feature of exporting and truncating the
> measurement list, please keep in mind how this would work in the
> context of IMA namespaces.

That could be rough. I'll try to think about it.

--
Janne