On Wed, 2023-10-25 at 16:27 +0000, Eric Snowberg wrote: > > > On Oct 25, 2023, at 8:39 AM, Mimi Zohar <[email protected]> wrote: > > > > Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for > > IMA") forced signature re-evaulation on every file access. > > > > Instead of always re-evaluating the file's integrity, detect a change > > to the backing file, by comparing the cached file metadata with the > > backing file's metadata. Verifying just the i_version has not changed > > is insufficient. In addition save and compare the i_ino and s_dev > > as well. > > > > Signed-off-by: Mimi Zohar <[email protected]> > > I ran the file integrity tests that originally uncovered the need for > "Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for > IMA”). When the backing file is changed, file integrity remains. For that > part, feel free to add: > > Tested-by: Eric Snowberg <[email protected]>
Thanks! Mimi
