Re: [PATCH] overlayfs: Trigger file re-evaluation by IMA / EVM after writes

From: Stefan Berger
Date: Thu Apr 06 2023 - 15:12:01 EST

Next message: Sean Christopherson: "Re: [PATCH 1/3] KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE"
Previous message: Bjorn Helgaas: "Re: [PATCH v1 2/3] PCI: brcmstb: Clkreq# accomodations of downstream device"
In reply to: Jeff Layton: "Re: [PATCH] overlayfs: Trigger file re-evaluation by IMA / EVM after writes"
Next in thread: Jeff Layton: "Re: [PATCH] overlayfs: Trigger file re-evaluation by IMA / EVM after writes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/6/23 14:46, Jeff Layton wrote:

On Thu, 2023-04-06 at 17:01 +0200, Christian Brauner wrote:

On Thu, Apr 06, 2023 at 10:36:41AM -0400, Paul Moore wrote:

Correct. As long as IMA is also measuring the upper inode then it seems
like you shouldn't need to do anything special here.

Unfortunately IMA does not notice the changes. With the patch provided in the other email IMA works as expected.

What sort of fs are you using for the upper layer?

jffs2:

/dev/mtdblock4 on /run/initramfs/ro type squashfs (ro,relatime,errors=continue)
/dev/mtdblock5 on /run/initramfs/rw type jffs2 (rw,relatime)
cow on / type overlay (rw,relatime,lowerdir=run/initramfs/ro,upperdir=run/initramfs/rw/cow,workdir=run/initramfs/rw/work)

Regards,
Stefan

Next message: Sean Christopherson: "Re: [PATCH 1/3] KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE"
Previous message: Bjorn Helgaas: "Re: [PATCH v1 2/3] PCI: brcmstb: Clkreq# accomodations of downstream device"
In reply to: Jeff Layton: "Re: [PATCH] overlayfs: Trigger file re-evaluation by IMA / EVM after writes"
Next in thread: Jeff Layton: "Re: [PATCH] overlayfs: Trigger file re-evaluation by IMA / EVM after writes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]