[PATCH v2 3/4] ima: fail signature verification based on policy

Mimi Zohar zohar at linux.vnet.ibm.com
Fri Mar 2 21:10:15 UTC 2018


On Wed, 2018-02-28 at 09:30 -0600, Serge E. Hallyn wrote:
> Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):
> > On Tue, 2018-02-27 at 16:35 -0600, Serge E. Hallyn wrote:
> > > Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):
> > > > This patch addresses the fuse privileged mounted filesystems in
> > > > environments which are unwilling to accept the risk of trusting the
> > > > signature verification and want to always fail safe, but are for
> > > > example using a pre-built kernel.
> > > > 
> > > > This patch defines a new builtin policy "unverifiable_sigs", which can
> > > 
> > > How about recalc_unverifiable_sigs?
> > 
> > Cute, I really like that name, but in this case we're failing the
> > signature verification.
> > 
> > > It's long, but unverifiable_sigs
> > > is  not clear about whether the intent is to accept or recalculate them.
> > > 
> > > (or fail_unverifiable_sigs like the flag)
> > 
> > Could we abbreviate it to "fail_usigs"?  Or perhaps allow both
> > "fail_unverifiable_sigs" and "fail_usigs".
> 
> That sounds good.  Or fail_unverified?  But so long as 'fail' is somehow
> clearly implied by the name.

None of these names mean anything to anyone but us.  How about
"fail_safe"?  That at least has some meaning to some people.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list