| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Jan 2018 11:40:07 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: Christoph Hellwig <hch@...radead.org>
Cc: linux-integrity <linux-integrity@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
Dongsu Park <dongsu@...volk.io>,
Alban Crequy <alban@...volk.io>,
Seth Forshee <seth.forshee@...onical.com>
Subject: Re: [PATCH] ima: define new policy condition based on the
filesystem name
On Mon, 2018-01-15 at 08:27 -0800, Christoph Hellwig wrote:
> On Mon, Jan 15, 2018 at 11:20:36AM -0500, Mimi Zohar wrote:
> > Some filesystems do not export the filesystem's magic number, as it is
> > considered internal, private data. In other cases, the policy rule
> > needs to identify a specifically mounted filesystem (eg. rootfs).
>
> No, it doesn't. Policies based on a file system type are complete and
> utterly bogus. rootfs should not be treated any different from other
> file systems.
rootfs IS different than other filesystems, as other filesystems
uniquely identify the underlying filesystem type. rootfs can be a
ramfs or tmpfs filesystem. Only tmpfs supports xattrs.
Mimi
Powered by blists - more mailing lists