Re: [PATCH] ima: Calculate digest in ima_inode_hash() if not available

From: Mimi Zohar
Date: Fri Feb 11 2022 - 07:41:28 EST

Next message: Damien Le Moal: "Re: DMA-API: tegra-ahci 70027000.sata: device driver maps memory from kernel text or rodata"
Previous message: Rob Herring: "Re: [PATCH 1/3] dt-bindings: nvmem: make "reg" property optional"
In reply to: Roberto Sassu: "[PATCH] ima: Calculate digest in ima_inode_hash() if not available"
Next in thread: Roberto Sassu: "RE: [PATCH] ima: Calculate digest in ima_inode_hash() if not available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Roberto,

On Fri, 2022-02-11 at 11:48 +0100, Roberto Sassu wrote:
> __ima_inode_hash() checks if a digest has been already calculated by
> looking for the integrity_iint_cache structure associated to the passed
> inode.
>
> Users of ima_file_hash() and ima_inode_hash() (e.g. eBPF) might be
> interested in obtaining the information without having to setup an IMA
> policy so that the digest is always available at the time they call one of
> those functions.

Things obviously changed, but the original use case for this interface,
as I recall, was a quick way to determine if a file had been accessed
on the system.

--
thanks,

Mimi

Next message: Damien Le Moal: "Re: DMA-API: tegra-ahci 70027000.sata: device driver maps memory from kernel text or rodata"
Previous message: Rob Herring: "Re: [PATCH 1/3] dt-bindings: nvmem: make "reg" property optional"
In reply to: Roberto Sassu: "[PATCH] ima: Calculate digest in ima_inode_hash() if not available"
Next in thread: Roberto Sassu: "RE: [PATCH] ima: Calculate digest in ima_inode_hash() if not available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]