Re: [GIT PULL] Security subsystem updates for 4.14
From: Christoph Hellwig
Date: Sun Sep 10 2017 - 04:11:46 EST
On Fri, Sep 08, 2017 at 10:25:53AM -0700, Linus Torvalds wrote:
> I don't think anybody actually tests linux-next kernels in any big
> way, and the automated tests that do get run probably don't run with
> any integrity checking enabled.
Well, for the actual IMA deadlock issue I asked Mimi to produce automated
tests and we get started on it. I was pretty pissed about the
assumptions IMA made on the fs, which weren't documented or automatically
tested - coming from the XFS background where we want all our features
to run through automated tests that was just not how I'd expect thing
But now as part of that I messed up the other caller of it, so I
shouldn't complain too loud..
That being said - I really think the certificate loading should not
even go through this whole call path, but use our common helper to
load a file into a buffer. Something like the patch below, I'm just
not sure if the last policy argument is what people want or if we'd need
to add a new policy type for certificates.