Re: [PATCH 2/4] integrity: special fs magic

From: Mimi Zohar
Date: Fri Aug 08 2008 - 15:50:21 EST


Greg KH <greg@xxxxxxxxx> wrote on 08/08/2008 03:15:19 PM:

> On Fri, Aug 08, 2008 at 12:04:48PM -0700, Greg KH wrote:
> > On Fri, Aug 08, 2008 at 02:55:42PM -0400, Mimi Zohar wrote:
> > > - Move special fs magic number definitions to magic.h
> > > - Add magic.h include
> > >
> > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
> >
> > Why? What is this patch for? Are you going to do something with these
> > magic values later?
>
> Ok, I now see the follow-up patch that does something with them.
>
> You should say so in this patch.
>
> And is it really ok to be doing things from userspace based on a
> filesystem "magic" key? Those are numbers we have never exported to
> userspace before, what happens if they are changed?
>
> thanks,
>
> greg k-h

Userspace only loads the measurement policy (via securityfs), and if
a magic number changes, and the policy is not updated to match, then
we would end up measuring some filesystems we didn't need to. Before,
the magic numbers were hard-coded in IMA; now, at least, it's extensible.

Mimi