On Sun, 2020-03-29 at 22:10 -0400, Mimi Zohar wrote:
> Hi Roberto,
>
> On Sat, 2020-03-28 at 11:18 +0000, Roberto Sassu wrote:
> > Hi Matthew, Mimi
> >
> > I have a question about portable signatures. Is there any particular reason
> > why a write to a file is not denied by IMA if metadata are immutable?
>
> As much as possible, IMA and EVM should be independent of each other.
> EVM is responsible for the integrity of file metadata, so it needs to
> read other security xattrs, but IMA shouldn't be looking at the EVM
> xattr.
>
> Like any other security xattr, responsibility for maintaining the
> xattr is left up to the particular LSM. In this case, EVM would need
> to prevent the file from being opened rw. Should that be hard coded
> or based on an EVM policy?

Thinking about this a bit more, evm_verifyxattr() is already returning
INTEGRITY_PASS_IMMUTABLE. I guess IMA could make decisions based on it.

Mimi