| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <692a64e10646154ee7310b62ffd74025f29cdccf.camel@linux.ibm.com>
Date: Thu, 17 Mar 2022 11:58:24 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-integrity@...r.kernel.org,
Stefan Berger <stefanb@...ux.ibm.com>,
linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 5/8] ima: permit fsverity's file digests in the IMA
measurement list
> diff --git a/security/integrity/integrity.h
b/security/integrity/integrity.h
> > index daf49894fd7d..39a999877013 100644
> > --- a/security/integrity/integrity.h
> > +++ b/security/integrity/integrity.h
> > @@ -32,7 +32,7 @@
> > #define IMA_HASHED 0x00000200
> >
> > /* iint policy rule cache flags */
> > -#define IMA_NONACTION_FLAGS 0xff000000
> > +#define IMA_NONACTION_FLAGS 0xff800000
> > #define IMA_DIGSIG_REQUIRED 0x01000000
> > #define IMA_PERMIT_DIRECTIO 0x02000000
> > #define IMA_NEW_FILE 0x04000000
> > @@ -40,6 +40,8 @@
> > #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000
> > #define IMA_MODSIG_ALLOWED 0x20000000
> > #define IMA_CHECK_BLACKLIST 0x40000000
> > +#define IMA_VERITY_REQUIRED 0x80000000
> > +#define IMA_VERITY_DIGEST 0x00800000
>
> How about defining these flags in numerical order?
Originally I increased the flags size, but I'd like to avoid as much
patch churn as possible for the namespacing patch set.
Mimi
Powered by blists - more mailing lists