Subject: Re: [PATCH 0/2] turn on force option for FUSE in builtin policies
From: Mimi Zohar
To: Dongsu Park, LKML
Cc: Alban Crequy, Miklos Szeredi, Seth Forshee
Date: Tue, 16 Jan 2018 06:23:51 -0500
Message-Id: <1516101831.6607.98.camel@linux.vnet.ibm.com>

On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote:
> Hi,
>
> On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park wrote:
> > In case of FUSE filesystem, cached integrity results in IMA could be
> > reused, when the userspace FUSE process has changed the
> > underlying files. To be able to avoid such cases, we need to turn on
> > the force option in builtin policies, for actions of measure and
> > appraise. Then integrity values become re-measured and re-appraised.
> > In that way, cached integrity results won't be used.
>
> Since yesterday Alban and I have been working on a different approach
> that does not depend on IMA rules, nor fsmagic. Please see:
> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1587390.html
>
> If that's ok, I'm ready to discard this patchset.

You dropped a number of people involved in this discussion and mailing
lists. Please post the proposed patch inline as an RFC, cc'ing the same
people, those involved in the discussion, and previous mailing lists,
including LSM, integrity, and fsdevel.

thanks,

Mimi