Re: [PATCH 1/3] IMA: move read/write counters into struct inode

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Mimi Zohar

Subject: Re: [PATCH 1/3] IMA: move read/write counters into struct inode

Date: Tuesday, October 19, 2010 - 11:16 am

On Tue, 2010-10-19 at 18:28 +0100, Al Viro wrote:
quoted text> On Tue, Oct 19, 2010 at 10:03:48AM -0700, Linus Torvalds wrote:
> > On Tue, Oct 19, 2010 at 9:55 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> > >
> > > a) i_writecount is about VM_DENYWRITE, basically. ?Reusing it for ima could
> > > get unpleasant; when it's positive, we are fine, but it can get negative as
> > > well. ?IMA will have interesting time dealing with that.
> > >
> > > b) i_count is simply a refcount for struct inode. ?Not exactly the number
> > > of dentries, but that's the main contributor. ?Basically, that's "how many
> > > pointers outside of inode hash chains point that that struct inode at the
> > > moment".
> > 
> > My question was deeper. More along the lines of "why would IMA care?"
> > 
> > How/why could IMA ever care about the pointless and trivial
> > differences between its current private open/read/write counts and the
> > counts that we already maintain?
> > 
> > Yes, yes, I realize that they have technical differences in what they
> > count. That's not the question. The question is "Why would IMA care?"

The filesystem prevents files being executed from being opened for
write.  The same guarantees that the file won't change, obviously,
doesn't exist for files being opened for read. Thus measuring a file
opened for read that has already been open for write, has no meaning.
Unfortunately, since the inode counters don't provide this information,
IMA maintains a separate set of counters.

quoted text> I'd rather not say what I think about IMA sanity (and usefulness); as for what
> it tries to do...  They want to whine if you open a file that is already opened
> for write and they want to whine if you open a file for write when it's already
> opened for read.  Unless they decide to leave the file alone, that is.

You left out one minor detail, invalidate the PCR as well.

Mimi

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Eric Paris, (Tue Oct 19, 9:36 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Al Viro, (Tue Oct 19, 9:55 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Linus Torvalds, (Tue Oct 19, 10:03 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Al Viro, (Tue Oct 19, 10:28 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Mimi Zohar, (Tue Oct 19, 11:16 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Matthew Wilcox, (Tue Oct 19, 12:11 pm)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Eric Paris, (Tue Oct 19, 3:49 pm)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Al Viro, (Tue Oct 19, 8:15 pm)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., John Stoffel, (Wed Oct 20, 6:10 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Al Viro, (Wed Oct 20, 6:36 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Ingo Molnar, (Wed Oct 20, 7:38 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Eric Paris, (Wed Oct 20, 7:46 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Ingo Molnar, (Wed Oct 20, 8:15 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Eric Paris, (Wed Oct 20, 8:25 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., J. Bruce Fields, (Wed Oct 20, 10:38 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Casey Schaufler, (Thu Oct 21, 9:15 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Ingo Molnar, (Fri Oct 22, 1:48 am)

Re: [PATCH 1/3] IMA: move read/write counters into struct ..., Casey Schaufler, (Fri Oct 22, 10:50 am)

Navigation

Popular discussions


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian	[RFC/PATCH] RE: git calls SSH_ASKPASS even if DISPLAY is not set
Junio C Hamano	Re: Rss produced by git is not valid xml?
git-commits-head:
Linux Kernel Mailing List	iSeries: fix section mismatch in iseries_veth
Linux Kernel Mailing List	ixbge: remove TX lock and redo TX accounting.
Linux Kernel Mailing List	ixgbe: fix several counter register errata
Linux Kernel Mailing List	b43: fix build with CONFIG_SSB_PCIHOST=n
Linux Kernel Mailing List	9p: block-based virtio client
linux-netdev:
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
David Daney	[PATCH 5/7] Staging: Octeon Ethernet: Convert to NAPI.
Wolfgang Grandegger	[PATCH net-next v4 1/3] can: mscan: fix improper return if dlc < 8 in start_xmi...
Amit Kumar Salecha	[PATCHv3 NEXT 2/2] NET: Add Qlogic ethernet driver for CNA devices