[PATCH v1 1/2] ima: fail signature verification on untrusted filesystems
Mimi Zohar
zohar at linux.vnet.ibm.com
Wed Feb 21 23:03:13 UTC 2018
On Wed, 2018-02-21 at 16:53 -0600, Eric W. Biederman wrote:
> Mimi Zohar <zohar at linux.vnet.ibm.com> writes:
>
> > On Mon, 2018-02-19 at 20:02 -0600, Eric W. Biederman wrote:
> >> It would also be nice if I could provide all of this information at
> >> mount time (when I am the global root) with mount options. So I don't
> >> need to update all of my tooling to know how to update ima policy when I
> >> am mounting a filesystem.
> >
> > The latest version of this patch relies on a builtin IMA policy to set
> > a flag. No other changes are required to the IMA policy. This
> > builtin policy could be used for environments not willing to accept
> > the default unverifiable signature risk.
>
> I still remain puzzled by this. Why is the default to accept the risk?
Accepting the risk is option 2, the privileged mount scenario. It
requires re-evaluating the cached info.
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list