Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751444AbdIKVeS (ORCPT <rfc822;w@1wt.eu>);
        Mon, 11 Sep 2017 17:34:18 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:48863 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1750853AbdIKVeQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Sep 2017 17:34:16 -0400
Subject: Re: [GIT PULL] Security subsystem updates for 4.14
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
        James Morris <jmorris@namei.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        Dmitry Kasatkin <dmitry.kasatkin@intel.com>,
        5ac7eace2d00eab5ae0e9fdee63e38aee6001f7c@infradead.org
Date: Mon, 11 Sep 2017 17:34:05 -0400
In-Reply-To: <20170911063834.GB10489@infradead.org>
References: <alpine.LRH.2.21.1709041959220.27950@namei.org>
         <CA+55aFw8wgA+jhBOhnY-TSdbPgiYcrFiipCV=rsS1=GQEN+JgQ@mail.gmail.com>
         <alpine.LRH.2.21.1709081448090.7880@namei.org>
         <20170908070943.GA26549@infradead.org>
         <CA+55aFwMgUJSMQ96XdKnTbn8UsxzHTb8tZQdH40nxDeF7fWObw@mail.gmail.com>
         <20170910081047.GA19533@infradead.org>
         <1505052162.3224.64.camel@linux.vnet.ibm.com>
         <20170911063834.GB10489@infradead.org>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-MML: disable
x-cbid: 17091121-0004-0000-0000-0000022E4952
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 17091121-0005-0000-0000-00005E1678D6
Message-Id: <1505165645.3470.1.camel@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-09-11_08:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0
 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
 adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000
 definitions=main-1709110322
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 654
Lines: 15

On Sun, 2017-09-10 at 23:38 -0700, Christoph Hellwig wrote:
> On Sun, Sep 10, 2017 at 10:02:42AM -0400, Mimi Zohar wrote:
> > We need to differentiate between policies and x509 certificates.  In
> > the policy case, they need to be signed and appraised, while in the
> > x509 certificate case, the certificate itself is signed so the file
> > doesn't need to be signed or verified.
> 
> How about you take this sketch over - I don't know much about the
> integrity code, and it seems like you actually wrote
> kernel_read_file_from_path as well - so you're at least 3 times as
> qualified as I am in this area..

Sure, it's been on my to do list.

Mimi