From: Dongsu Park
To: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alban Crequy, Dongsu Park, Miklos Szeredi, Alexander Viro, Mimi Zohar, Dmitry Kasatkin, James Morris, Christoph Hellwig, "Serge E . Hallyn", Seth Forshee
Subject: [RFC PATCH v4 0/2] ima,fuse: introduce new fs flag FS_IMA_NO_CACHE
Date: Tue, 30 Jan 2018 19:06:30 +0100

This patchset v4 introduces a new fs flag FS_IMA_NO_CACHE and uses it in
FUSE. This forces files to be re-measured, re-appraised and re-audited on
file systems with the feature flag FS_IMA_NO_CACHE. In that way, cached
integrity results won't be used.

There was a previous attempt (unmerged) with an IMA option named "force"
and using that option for FUSE filesystems. These patches use a different
approach so that the IMA subsystem does not need to know about FUSE.

- https://www.spinics.net/lists/linux-integrity/msg00948.html
- https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1584131.html

Changes since v1: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1587390.html
- include linux-fsdevel mailing list in cc
- mark patch as RFC
- based on next-integrity, without other unmerged FUSE / IMA patches

Changes since v2: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1587678.html
- rename flag to FS_IMA_NO_CACHE
- split patch into 2

Changes since v3: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1592393.html
- make the code simpler by resetting IMA_DONE_MASK

The patchset is also available in our github repo:
https://github.com/kinvolk/linux/tree/dongsu/fuse-flag-ima-nocache-v4

Alban Crequy (2):
  fuse: introduce new fs_type flag FS_IMA_NO_CACHE
  ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

 fs/fuse/inode.c                   |  2 +-
 include/linux/fs.h                |  1 +
 security/integrity/ima/ima_main.c | 15 +++++++++++++--
 3 files changed, 15 insertions(+), 3 deletions(-)

-- 
2.13.6
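Added example, not part of the original message and not the kernel code from this patchset: a user-space C model of a per-file integrity cache, showing how clearing the IMA_DONE_MASK bits on a file system flagged FS_IMA_NO_CACHE forces a fresh evaluation on every check. The flag and mask names come from the cover letter; the bit values, the `toy_*` types and functions, the FNV-1a digest and the scenario of content changing behind the cache are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Names from the cover letter; the bit values here are assumptions. */
#define FS_IMA_NO_CACHE 0x1u
#define IMA_MEASURED    0x1u
#define IMA_APPRAISED   0x2u
#define IMA_AUDITED     0x4u
#define IMA_DONE_MASK   (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED)

struct toy_file {               /* hypothetical stand-in for inode + iint */
    unsigned fs_flags;          /* flags of the backing file system type */
    const char *content;        /* what the backing store returns right now */
    unsigned done;              /* cached "already evaluated" bits */
    uint32_t cached_digest;     /* digest recorded at the last evaluation */
    unsigned evaluations;       /* how often the content was really hashed */
};

/* FNV-1a, standing in for the real measurement hash. */
static uint32_t toy_digest(const char *s)
{
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}

/* Returns 1 if the file matches the expected digest, 0 otherwise. */
int toy_check(struct toy_file *f, uint32_t good)
{
    if (f->fs_flags & FS_IMA_NO_CACHE)
        f->done &= ~IMA_DONE_MASK;      /* discard cached results */
    if ((f->done & IMA_DONE_MASK) != IMA_DONE_MASK) {
        f->cached_digest = toy_digest(f->content);
        f->evaluations++;
        f->done |= IMA_DONE_MASK;
    }
    return f->cached_digest == good;
}

/* Check a file, change its content without touching the cache, check again.
 * Returns the second verdict, or -1 if the first check already failed. */
int second_open_verdict(unsigned fs_flags, unsigned *evaluations)
{
    struct toy_file f = { fs_flags, "trusted", 0, 0, 0 };
    uint32_t good = toy_digest("trusted");
    int first = toy_check(&f, good);
    f.content = "changed";              /* constructed sample content */
    int second = toy_check(&f, good);
    if (evaluations) *evaluations = f.evaluations;
    return first ? second : -1;
}
```

Without the flag the second check returns the stale cached pass after a single evaluation; with FS_IMA_NO_CACHE set the content is hashed twice and the second check fails.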