On Mon, Apr 17, 2023 at 12:55:51PM -0400, Jeff Layton wrote: > IMA currently accesses the i_version out of the inode directly when it > does a measurement. This is fine for most simple filesystems, but can be > problematic with more complex setups (e.g. overlayfs). > > Make IMA instead call vfs_getattr_nosec to get this info. This allows > the filesystem to determine whether and how to report the i_version, and > should allow IMA to work properly with a broader class of filesystems in > the future. > > Reported-and-Tested-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > --- Excellent, thanks, Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
