[PATCH RFC v15 12/21] security: add security_bdev_setintegrity() hook
Jarkko Sakkinen
jarkko at kernel.org
Wed Mar 20 08:28:38 UTC 2024
On Wed Mar 20, 2024 at 1:00 AM EET, Paul Moore wrote:
> On Mar 15, 2024 Fan Wu <wufan at linux.microsoft.com> wrote:
> >
> > This patch introduces a new hook to save block device's integrity
> > data. For example, for dm-verity, LSMs can use this hook to save
> > the roothash signature of a dm-verity into the security blob,
> > and LSMs can make access decisions based on the data inside
> > the signature, like the signer certificate.
> >
> > Signed-off-by: Fan Wu <wufan at linux.microsoft.com>
> >
> > --
> > v1-v14:
> > + Not present
> >
> > v15:
> > + Introduced
> >
> > ---
> > include/linux/lsm_hook_defs.h | 2 ++
> > include/linux/security.h | 14 ++++++++++++++
> > security/security.c | 28 ++++++++++++++++++++++++++++
> > 3 files changed, 44 insertions(+)
>
> I'm not sure why you made this a separate patch, help? If there is
> no significant reason why this is separate, please squash it together
> with patch 11/21.
Off-topic: it is weird to have *RFC* patch set at v15.
RFC by de-facto is something that can be safely ignored if you don't
have bandwidth. 15 versions of anything that can be safely ignored
is by definition spamming :-) I mean just conceptually.
So does the RFC still hold or what the heck is going on with this one?
Haven't followed for some time now...
BR, Jarkko
More information about the Linux-security-module-archive
mailing list