Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp1421930lqp; Mon, 15 Apr 2024 06:18:08 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWgIJJrcIC8ip5sU2xnJavp4nQclMuLrQou/KMsCVydFTtm23ia6B6FadwXh++CW4PFkzA916fK0lBgu/+KhK+/ghSHa+OGyq78sLHeMg== X-Google-Smtp-Source: AGHT+IEN+SspclwIMGfCi015+vFCobz2pPB0krYIoCjjXMqQR2wvqVOW/gx/Evjq3uNZIhYTHOb2 X-Received: by 2002:a50:9312:0:b0:56e:2abd:9d10 with SMTP id m18-20020a509312000000b0056e2abd9d10mr9100802eda.22.1713187088408; Mon, 15 Apr 2024 06:18:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713187088; cv=pass; d=google.com; s=arc-20160816; b=baGRVESaYsE713HdfdIAPfEIX4JyvN+4xtomip9rlo9G4KPbPj4xgY3T4JjNmxW0vG 4ys/VSlhZywp79x8ueG2AwuIJNHn++zmKezJMqLDH9qcoDdSEm8q+AW5HvDXagN2ZeWd w3KLY5SYoxraMZsWuQgkSvFK09AtRiVRymBGDDfuNsfe6UtfGSFOAykji2N9MeUrIBwz SapYcjpINTldYNDCSoZQSOfHg9yzE9HYMjgNMvSbX+Em91bz1fbMnVtYmSEvwrLVk9tL UCCrwlHjZ0d1Nz38b+4ZVD9Iz1aGxR/NFA62jQrLf9CTPM0vK5b6b4ClmWRGqrd1IJD1 eqCQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=PtRDKTQTDzhoQ+/JuLQ9JmFXYTTE6omhjNyTnWio4Ng=; fh=dk0eThOfDOfNuq5jTBiI8/4LQb4WMXbQSlG7GmIbhtU=; b=czXRy3Ymja4q27Uer6KkZLdMXs1yu+Ahxn3LG1udZcW5Ufk4cvZV3hikFxhr3LMZkW mQrjpi8XoDUDstejeOSQylPFYVawffEgifVUfyoHRGTsJpLeKHHGgBZ1brbSUO8P8bfc SlHsRsVwtU7kjywGIXtQgl4mnbk9Am0lL+p9Ov+Rrf2XtP4H6QH5R1ZxrHFeLOV/LvsP Yi/77NOzVr1FNoZu91PWxh33fO4p7pRG6jQVyOEOuTi6Z8OQtueUA27AbwwQrHAX/aHW ImeJMeDMLchE2pVkxkZA2mw8fgPvQiqD89lp16ceBEjlX8UsRr4a+Gj/pX4q8ytQ3vVc pJwQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@szeredi.hu header.s=google header.b=hTkoK1AK; arc=pass (i=1 spf=pass spfdomain=szeredi.hu dkim=pass dkdomain=szeredi.hu dmarc=pass fromdomain=szeredi.hu); spf=pass (google.com: domain of linux-kernel+bounces-145209-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-145209-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id b43-20020a509f2e000000b00568a5e13532si4373891edf.334.2024.04.15.06.18.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Apr 2024 06:18:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-145209-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@szeredi.hu header.s=google header.b=hTkoK1AK; arc=pass (i=1 spf=pass spfdomain=szeredi.hu dkim=pass dkdomain=szeredi.hu dmarc=pass fromdomain=szeredi.hu); spf=pass (google.com: domain of linux-kernel+bounces-145209-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-145209-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 25C4A1F2109F for ; Mon, 15 Apr 2024 13:18:08 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2AD448528F; Mon, 15 Apr 2024 12:58:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=szeredi.hu header.i=@szeredi.hu header.b="hTkoK1AK" Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9EC7E76045 for ; Mon, 15 Apr 2024 12:58:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713185890; cv=none; b=DW9cN5bKkFpS2JapwOCp348xTGzJMaYbRm0iqEObx3OwlZu6O1bWjEs/kgZar18k9iZLRwtOCrUOLyWQZOHAUKPHHNA86aFqlGsiA66Ex4p4bsweHr6KckpqZCryT5KJtDDdS66YCLpKZyLk6R7K6sl5VMGX9ubElQWR3777LVo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713185890; c=relaxed/simple; bh=PtRDKTQTDzhoQ+/JuLQ9JmFXYTTE6omhjNyTnWio4Ng=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Jm2GMy61lgRRlC0AMkCyY18qLKhb/MFxSyWh3jAevG83khf8SytjY94XyOdtrS52mpAjUrzRtTF61L33yI+WGRVNjKLppX/Famexl21E2dpmoHb0GGBP5FvoaPMMkMq7kyVcCRDmHa2sMhHttM/8zDG2p6eZfAzfiT0f5PVsH7o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=szeredi.hu; spf=pass smtp.mailfrom=szeredi.hu; dkim=pass (1024-bit key) header.d=szeredi.hu header.i=@szeredi.hu header.b=hTkoK1AK; arc=none smtp.client-ip=209.85.167.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=szeredi.hu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=szeredi.hu Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-518a3e0d2ecso3277011e87.3 for ; Mon, 15 Apr 2024 05:58:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; t=1713185887; x=1713790687; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=PtRDKTQTDzhoQ+/JuLQ9JmFXYTTE6omhjNyTnWio4Ng=; b=hTkoK1AKs8h/tfzw25yar9T/oUhRWWMZYagLeKSpRvP2wC4DmwzN19cZCdAC1OMQ3y SU9XUoCsyxkAbikK+hTmmwvk3rmnxhnfyNKpOMP0WJJNdfb8rdEwhfhtiwAS9MwyLe4Q 2fOAE1rJ0lqGAG4mBgjIrsHwwpOoJEqeVBfe4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713185887; x=1713790687; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=PtRDKTQTDzhoQ+/JuLQ9JmFXYTTE6omhjNyTnWio4Ng=; b=P6r30FP/Ysh05g9ZF2mdGS9d4JJxaRJO8h+3HBDbwH9AOV4rgRYi7ayzSiMTiSKwuv Dks0BBTOfxItWVMjSk+CfZuWJz45klGmutPoL1WCh5paOlcemkJG/GSBU5xy5lOca6OY 9ZNQoGF3Kaaov7TN1/RsqpkuGVJz5cltGTNyw6MJcmlKupqpUXdrIiV9Lmo+9dTnfhOP oiDQwSfgAcIKeXgDu1gvsg9FYiryR3UUAX7eygoFwxN9zRzO8jVVlvTHCWtZdvnUxSTf s2hY+pi5PiXrGWYGzlLHDWRK9cwf8Gx+mS01l20nKWAbpFecODsSViMTPy0N0rSV4+3t drrA== X-Forwarded-Encrypted: i=1; AJvYcCX7NBKYOxopvtSQ1olTFc+IID52JQpaFt+3dQ2KrqUDEc5vJqIMsImoec+yRu/7LQ4Zpd1kHEnMP6d1IV82vbe3/hbvIWxOpCqz4eDi X-Gm-Message-State: AOJu0YwiyacCTMo5xCtGaAVrkcUTW40RyhRlRVxDtgF0tgzpRbohgGeO h/8L7qGrOFD6v5VYIcZy07Xm1TeqC/Wc7bVYSgMcD6zvyeE36P0jRL2I75udEg6hLjlYpiR9cLH 7JHUWGTST75lJkKII9EjTORfMYqb369g6aZR03/AJhwok8bBh X-Received: by 2002:a19:9112:0:b0:516:9f03:6a92 with SMTP id t18-20020a199112000000b005169f036a92mr6833604lfd.43.1713185886774; Mon, 15 Apr 2024 05:58:06 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240412140122.2607743-1-stefanb@linux.ibm.com> <20240412140122.2607743-3-stefanb@linux.ibm.com> <89b4fb29-5906-4b21-8b5b-6b340701ffe4@linux.ibm.com> In-Reply-To: From: Miklos Szeredi Date: Mon, 15 Apr 2024 14:57:55 +0200 Message-ID: Subject: Re: [RFC 2/2] ima: Fix detection of read/write violations on stacked filesystems To: Mimi Zohar Cc: Stefan Berger , Amir Goldstein , linux-integrity@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, roberto.sassu@huawei.com, Christian Brauner Content-Type: text/plain; charset="UTF-8" On Mon, 15 Apr 2024 at 12:47, Mimi Zohar wrote: > It's queued in > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/ next- > integrity branch and should be linux-next. Is there a document about ima/evm vs. overlayfs? What exactly is it trying to achieve and how? Thanks, Miklos