Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S966776AbeAOQcv (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Mon, 15 Jan 2018 11:32:51 -0500
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:32878 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1751696AbeAOQcu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Jan 2018 11:32:50 -0500
Subject: Re: [PATCH 0/2] turn on force option for FUSE in builtin policies
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Christoph Hellwig <hch@infradead.org>,
        Dongsu Park <dongsu@kinvolk.io>
Cc: linux-kernel@vger.kernel.org, Alban Crequy <alban@kinvolk.io>,
        Miklos Szeredi <miklos@szeredi.hu>,
        Seth Forshee <seth.forshee@canonical.com>,
        linux-integrity <linux-integrity@vger.kernel.org>
Date: Mon, 15 Jan 2018 11:32:41 -0500
In-Reply-To: <20180115144804.GA28856@infradead.org>
References: <cover.1515682581.git.dongsu@kinvolk.io>
         <20180115144804.GA28856@infradead.org>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
x-cbid: 18011516-0012-0000-0000-000005A3E956
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18011516-0013-0000-0000-0000191F5896
Message-Id: <1516033961.6607.18.camel@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-01-15_08:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1801150236
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Mon, 2018-01-15 at 06:48 -0800, Christoph Hellwig wrote:
> On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote:
> > In case of FUSE filesystem, cached integrity results in IMA could be
> > reused, when the userspace FUSE process has changed the
> > underlying files. To be able to avoid such cases, we need to turn on
> > the force option in builtin policies, for actions of measure and
> > appraise. Then integrity values become re-measured and re-appraised.
> > In that way, cached integrity results won't be used.
> 
> The same is true for any distributed file system.  Checking for magic
> numbers is always the wrong thing.  You'll need flags for specific
> behavior in struct file_system_type instead.

For XFS, which considers fsmagic numbers private to the filesystem,
*always* using the fsmagic number is wrong.  As to whether this is
true for other filesystems is unclear.  IMA policies have been defined
in terms of fsmagic numbers for a long time.  fsmagic numbers were
moved from the filesystems to magic.h for this purpose.  Someone would
have complained earlier if it is always wrong.
 
I just posted a patch titled "ima: define new policy condition based
on the filesystem name" to allow policies to be defined in terms of
the i_sb->s_type->name.

Mimi