Subject: Re: [PATCH 0/2] turn on force option for FUSE in builtin policies
From: Mimi Zohar
To: Christoph Hellwig, Dongsu Park
Cc: linux-kernel@vger.kernel.org, Alban Crequy, Miklos Szeredi, Seth Forshee, linux-integrity
Date: Mon, 15 Jan 2018 11:32:41 -0500
In-Reply-To: <20180115144804.GA28856@infradead.org>
Message-Id: <1516033961.6607.18.camel@linux.vnet.ibm.com>

On Mon, 2018-01-15 at 06:48 -0800, Christoph Hellwig wrote:
> On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote:
> > In case of FUSE filesystem, cached integrity results in IMA could be
> > reused, when the userspace FUSE process has changed the
> > underlying files. To be able to avoid such cases, we need to turn on
> > the force option in builtin policies, for actions of measure and
> > appraise. Then integrity values become re-measured and re-appraised.
> > In that way, cached integrity results won't be used.
>
> The same is true for any distributed file system. Checking for magic
> numbers is always the wrong thing. You'll need flags for specific
> behavior in struct file_system_type instead.

For XFS, which considers fsmagic numbers private to the filesystem,
*always* using the fsmagic number is wrong. Whether this is true for
other filesystems is unclear.

IMA policies have been defined in terms of fsmagic numbers for a long
time. fsmagic numbers were moved from the filesystems to magic.h for
this purpose. Someone would have complained earlier if it is always
wrong.

I just posted a patch titled "ima: define new policy condition based on
the filesystem name" to allow policies to be defined in terms of the
i_sb->s_type->name.

Mimi