Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-19 Thread Bruce Fields
On Wed, Jul 12, 2017 at 01:56:50PM -0400, Mimi Zohar wrote: > On Wed, 2017-07-12 at 10:35 -0400, Bruce Fields wrote: > > On Wed, Jul 12, 2017 at 08:20:21AM -0400, Mimi Zohar wrote: > > > Right, currently the only way of knowing is by looking at the IMA > > > measurement list to see if modified

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-12 Thread Mimi Zohar
On Wed, 2017-07-12 at 10:35 -0400, Bruce Fields wrote: > On Wed, Jul 12, 2017 at 08:20:21AM -0400, Mimi Zohar wrote: > > Right, currently the only way of knowing is by looking at the IMA > > measurement list to see if modified files are re-measured or, as you > > said, by looking at the code. > >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-12 Thread Bruce Fields
On Wed, Jul 12, 2017 at 08:20:21AM -0400, Mimi Zohar wrote: > Right, currently the only way of knowing is by looking at the IMA > measurement list to see if modified files are re-measured or, as you > said, by looking at the code. Who's actually using this, and do they do any kind of checks, or

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-12 Thread Mimi Zohar
On Tue, 2017-07-11 at 21:17 -0400, jlay...@redhat.com wrote: > On Mon, 2017-07-10 at 08:10 -0400, Mimi Zohar wrote: > > On Fri, 2017-07-07 at 16:35 -0400, Jeff Layton wrote: > > > On Fri, 2017-07-07 at 15:59 -0400, Mimi Zohar wrote: > > > > On Fri, 2017-07-07 at 13:49 -0400, Jeff Layton wrote: > >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-11 Thread jlayton
On Mon, 2017-07-10 at 08:10 -0400, Mimi Zohar wrote: > On Fri, 2017-07-07 at 16:35 -0400, Jeff Layton wrote: > > On Fri, 2017-07-07 at 15:59 -0400, Mimi Zohar wrote: > > > On Fri, 2017-07-07 at 13:49 -0400, Jeff Layton wrote: > > > > On Fri, 2017-07-07 at 13:24 -0400, Mimi Zohar wrote: > > > > >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-11 Thread jlayton
On Tue, 2017-07-11 at 12:13 -0400, J. Bruce Fields wrote: > On Fri, Jul 07, 2017 at 10:05:30AM -0400, Jeff Layton wrote: > > From: Jeff Layton > > > > The IMA assessment code tries to use the i_version counter to > > detect > > when changes to a file have occurred. Many filesystems don't > >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-11 Thread Mimi Zohar
On Tue, 2017-07-11 at 12:13 -0400, J. Bruce Fields wrote: > On Fri, Jul 07, 2017 at 10:05:30AM -0400, Jeff Layton wrote: > > From: Jeff Layton > > > > The IMA assessment code tries to use the i_version counter to detect > > when changes to a file have occurred. Many filesystems don't increment >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-11 Thread J. Bruce Fields
On Fri, Jul 07, 2017 at 10:05:30AM -0400, Jeff Layton wrote: > From: Jeff Layton > > The IMA assessment code tries to use the i_version counter to detect > when changes to a file have occurred. Many filesystems don't increment > it properly (or at all) so detecting changes with that is not

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-10 Thread Mimi Zohar
On Fri, 2017-07-07 at 16:35 -0400, Jeff Layton wrote: > On Fri, 2017-07-07 at 15:59 -0400, Mimi Zohar wrote: > > On Fri, 2017-07-07 at 13:49 -0400, Jeff Layton wrote: > > > On Fri, 2017-07-07 at 13:24 -0400, Mimi Zohar wrote: > > > > On Fri, 2017-07-07 at 12:57 -0400, Jeff Layton wrote: > > > > >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-07 Thread Jeff Layton
On Fri, 2017-07-07 at 15:59 -0400, Mimi Zohar wrote: > On Fri, 2017-07-07 at 13:49 -0400, Jeff Layton wrote: > > On Fri, 2017-07-07 at 13:24 -0400, Mimi Zohar wrote: > > > On Fri, 2017-07-07 at 12:57 -0400, Jeff Layton wrote: > > > > On Fri, 2017-07-07 at 10:05 -0400, Jeff Layton wrote: > > > > >

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-07 Thread Mimi Zohar
On Fri, 2017-07-07 at 13:49 -0400, Jeff Layton wrote: > On Fri, 2017-07-07 at 13:24 -0400, Mimi Zohar wrote: > > On Fri, 2017-07-07 at 12:57 -0400, Jeff Layton wrote: > > > On Fri, 2017-07-07 at 10:05 -0400, Jeff Layton wrote: > > > > From: Jeff Layton > > > > > > > > The IMA assessment code

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-07 Thread Jeff Layton
On Fri, 2017-07-07 at 13:24 -0400, Mimi Zohar wrote: > On Fri, 2017-07-07 at 12:57 -0400, Jeff Layton wrote: > > On Fri, 2017-07-07 at 10:05 -0400, Jeff Layton wrote: > > > From: Jeff Layton > > > > > > The IMA assessment code tries to use the i_version counter to detect > > > when changes to a

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-07 Thread Mimi Zohar
On Fri, 2017-07-07 at 12:57 -0400, Jeff Layton wrote: > On Fri, 2017-07-07 at 10:05 -0400, Jeff Layton wrote: > > From: Jeff Layton > > > > The IMA assessment code tries to use the i_version counter to detect > > when changes to a file have occurred. Many filesystems don't increment > > it

Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-07 Thread Jeff Layton
On Fri, 2017-07-07 at 10:05 -0400, Jeff Layton wrote: > From: Jeff Layton > > The IMA assessment code tries to use the i_version counter to detect > when changes to a file have occurred. Many filesystems don't increment > it properly (or at all) so detecting changes with that is not always >

[PATCH v2] integrity: track mtime in addition to i_version for assessment

2017-07-07 Thread Jeff Layton
From: Jeff Layton The IMA assessment code tries to use the i_version counter to detect when changes to a file have occurred. Many filesystems don't increment it properly (or at all) so detecting changes with that is not always reliable. That check should be gated on IS_I_VERSION, as you can't