From: Andy Lutomirski
Date: Sat, 11 May 2019 15:44:12 -0700
Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk
To: Roberto Sassu
Cc: Al Viro, LSM List, linux-integrity, initramfs@vger.kernel.org, Linux API, Linux FS Devel, LKML, Mimi Zohar, silviu.vlasceanu@huawei.com, dmitry.kasatkin@huawei.com, takondra@cisco.com, kamensky@cisco.com, "H. Peter Anvin", Arnd Bergmann, Rob Landley, james.w.mcmechan@gmail.com
In-Reply-To: <20190509112420.15671-1-roberto.sassu@huawei.com>
List: linux-kernel@vger.kernel.org

On Thu, May 9, 2019 at 4:27 AM Roberto Sassu wrote:
>
> This patch set aims at solving the following use case: appraise files from
> the initial ram disk. To do that, IMA checks the signature/hash from the
> security.ima xattr. Unfortunately, this use case cannot be implemented
> currently, as the CPIO format does not support xattrs.
>
> This proposal consists in marshaling pathnames and xattrs in a file called
> .xattr-list. They are unmarshaled by the CPIO parser after all files have
> been extracted.
>
> The difference from v1 (https://lkml.org/lkml/2018/11/22/1182) is that all
> xattrs are stored in a single file and not per file (solves the file name
> limitation issue, as it is not necessary to add a suffix to files
> containing xattrs).
>
> The difference with another proposal
> (https://lore.kernel.org/patchwork/cover/888071/) is that xattrs can be
> included in an image without changing the image format, as opposed to
> defining a new one. As seen from the discussion, if a new format has to be
> defined, it should fix the issues of the existing format, which requires
> more time.

I read some of those emails. ISTM that adding TAR support should be seriously considered.
Sure, it's baroque, but it's very, very well supported, and it does exactly what we need.

--Andy
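To illustrate the point above that tar already carries what this use case needs, here is an added example (not code from the thread, the patch set, or GNU tar): GNU tar's --xattrs option stores each xattr as a PAX extended-header record keyed SCHILY.xattr.<name>, and Python's standard tarfile module can write and read those per-file records. The file names and xattr values are constructed placeholders; real security.ima values are binary, which GNU tar writes raw but Python's tarfile cannot (PAX values must be UTF-8 text).

```python
import io
import tarfile

# Constructed sample: path -> {xattr name: value}. Real security.ima values are
# binary (an IMA hash header or an EVM/IMA signature); PAX values must be UTF-8
# text in Python's tarfile, so printable placeholders stand in here.
SAMPLE_XATTRS = {
    "bin/busybox": {"security.ima": "constructed-ima-hash-placeholder"},
    "etc/init": {"security.ima": "constructed-ima-sig-placeholder",
                 "user.note": "constructed"},
}
SAMPLE_CONTENT = {"bin/busybox": b"#!/bin/sh\n", "etc/init": b"exit 0\n"}

# GNU tar --xattrs stores each xattr as a PAX extended-header record keyed
# "SCHILY.xattr.<name>"; libarchive/bsdtar reads the same key.
PAX_XATTR_PREFIX = "SCHILY.xattr."


def build_tar_with_xattrs(content, xattrs):
    """Return tar bytes in PAX format, carrying xattrs as SCHILY.xattr.* records."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for path, data in content.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            info.mode = 0o755
            # Per-entry PAX headers are emitted just before this entry's header.
            info.pax_headers = {PAX_XATTR_PREFIX + k: v
                                for k, v in xattrs.get(path, {}).items()}
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_xattrs_from_tar(blob):
    """Return {path: {xattr name: value}} for every regular file in the archive."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            found[member.name] = {
                k[len(PAX_XATTR_PREFIX):]: v
                for k, v in member.pax_headers.items()
                if k.startswith(PAX_XATTR_PREFIX)
            }
    return found


def roundtrip():
    """Write the constructed sample and read its xattrs back."""
    return read_xattrs_from_tar(build_tar_with_xattrs(SAMPLE_CONTENT, SAMPLE_XATTRS))
```

An archive produced this way is one that `tar --xattrs -xf` can restore with its security.ima values, which is the property an initramfs appraisal flow would rely on.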