On Tue, 16 Apr 2024 at 14:18, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > Originally there was a single measureent unless the filesystem was mounted with > SB_I_VERSION. With commit a2a2c3c8580a ("ima: Use i_version only when > filesystem supports it") this changed to always re-measure the file if the > filesystem wasn't mounted with SB_I_VERSION. Does the i_version get stored and compared only while the inode is in memory? In that case I think it should be possible to support a version number for the overlay inode. Thanks, Miklos