FYI: MaximumRPM was written in 1997 and does not begin to define the necessary
semantics to implement signatures on mutable files in a useful way. There have
been several changes in both %config/%ghost handling since 1997.
Q: What use is it to IMA policies to have a pre-packaged signature on a file
that has been marked %config?
The original RFE pretended to a type of configuration that is inaccessible to a
user on a embedded/handheld device that could not (or should not) be changed.
In which case, using %config is a packaging error imho and can be handled
through the existing file signing mechanisms.
The original RFP (and your comment) indicates that indeed, signing mutated
files has obvious failure cases, which is ultimately a 2nd type of "really
mutatable" %config, different from the packaging error misuse/abuse of %config
on a file that a user could not (or should not) change.
Finally there are several comments -- including mine -- that indicate that the
ability to sign "mutable" %config files does not seem very useful, and hence
needs a disabler with opt-in default behavior.
Adding the ability to change the ima signature in the xattr after installation,
so that the modified, not the original %config template, would (at least)
change my opinion, similarly for %ghost. But that isn't what is being proposed.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list