On Tue, Dec 12, 2017 at 06:55:31PM -0500, Mimi Zohar wrote: > On Wed, 2017-12-13 at 10:30 +1100, Dave Chinner wrote: > > On Tue, Dec 12, 2017 at 10:04:56AM -0500, Mimi Zohar wrote: > > > On Tue, 2017-12-12 at 06:36 -0800, Christoph Hellwig wrote: > > > > On Tue, Dec 12, 2017 at 09:34:56AM -0500, Mimi Zohar wrote: > > > > > On Tue, 2017-12-12 at 06:26 -0800, Christoph Hellwig wrote: > > > > > > On Tue, Dec 12, 2017 at 09:21:09AM -0500, Mimi Zohar wrote: > > > > > > > Move the XFS_SB_MAGIC definition to magic.h. > > > > > > > > > > > > NACK. We want to keep the XFS code self-contained and no other part > > > > > > of the kernel has any business knowing it anyway. > > > > > > > > > > IMA policy rules can be defined in terms of magic numbers, but they > > > > > need to be defined in magic.h. Please reconsider... > > > > > > > > That is completely bogus, and it should not be supported in any way. > > > > File systems magic numbers are internal implementation details. > > > > > > Perhaps policies in general shouldn't differentiate between file > > > systems, but it definitely simplifies testing. > > > > How does specifying a filesystem type in a generic layer's policy > > implementation help testing? > > Based on file system, I could differentiate which files need to be > signed. For example, the root file system might require files > signatures only on executables, while for other file systems all files > could require signatures. What's the filesystem magic number got to do with where the filesystem is mounted or what it contains? > > > For example, currently IMA-appraisal only supports storing file > > > signatures as xattrs, but support for appended signatures is being > > > added. Per file system rules could require different types of file > > > signatures. > > > > What's an "appended signature", and why is the filesystem > > independent xattr interface insufficient for storing this > > information? > > Unfortunately, not all filesystems support xattrs (eg. > cpio/initramfs). So add support to them.... > In some cases, like kexec kernel image and > initramfs, having an attached signatures simplifies network boot. ... or support fetching detached signatures for these very specific use cases. > scripts/sign-file is used to append a file signature to kernel > modules. This same script could be used for signing other files, like > the kexec kernel image and initramfs. This doesn't require knowing about what type of filesystem the file is read from. It's just data appended to the file, and you can already read filesystem without knowing what the underlying filesystem implementation is.... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
