linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Oleksij Rempel <ore@pengutronix.de>
To: Richard Weinberger <richard@nod.at>
Cc: Christoph Hellwig <hch@infradead.org>,
	Oleksij Rempel <o.rempel@pengutronix.de>,
	dedekind1@gmail.com, adrian.hunter@intel.com,
	linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, kernel@pengutronix.de
Subject: Re: [PATCH v2 2/3] fs: ubifs: update i_version on inode changes
Date: Wed, 12 Apr 2017 08:05:34 +0200	[thread overview]
Message-ID: <20170412060534.meohif5djev7johp@pengutronix.de> (raw)
In-Reply-To: <d1641500-dda5-d317-49f6-6b1be734edf4@nod.at>

On Tue, Apr 11, 2017 at 11:13:24PM +0200, Richard Weinberger wrote:
> Am 11.04.2017 um 18:05 schrieb Christoph Hellwig:
> > On Tue, Apr 11, 2017 at 11:50:54AM +0200, Oleksij Rempel wrote:
> >> increment i_version to notify security/IMA about changes
> >> made in inode.
> >>
> >> Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
> > 
> > And how is this stored on disk?
> > 
> 
> Hehe, I was about to ask the same question. :-)

No. it is not stored to fs.
Heh, the same question i asked my self. On linux-ima-user i found
this post (2009-07-23):
https://sourceforge.net/p/linux-ima/mailman/message/23152923/
---
When an inode entry is removed from dcache, the corresponding iint entry
is removed from the radix tree. Unmounting an fs will cause the inodes,
and by extension iint's, to be freed.  When the fs is remounted, any
file accessed will result in allocating a new iint structure with the
i_version set to 0.
---

The code seems to confirm it. So i assumed that IMA don't care if
i_version is stored to disk or not. And i_version is the only way
to notify IMA about inode changes.
Since IMA documentation explecitley set i_version as reqieremt, so this
option was provided as well.

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

  reply	other threads:[~2017-04-12  6:06 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-11  9:50 [PATCH v2 0/3] make ubifs compatible with IMA and EVM Oleksij Rempel
2017-04-11  9:50 ` [PATCH v2 1/3] fs: ubifs: parse iversion mount option Oleksij Rempel
2017-04-11  9:50 ` [PATCH v2 2/3] fs: ubifs: update i_version on inode changes Oleksij Rempel
2017-04-11 16:05   ` Christoph Hellwig
2017-04-11 21:13     ` Richard Weinberger
2017-04-12  6:05       ` Oleksij Rempel [this message]
2017-04-12  6:08         ` Christoph Hellwig
2017-04-12  7:04           ` Oleksij Rempel
2017-04-24 15:44             ` Richard Weinberger
2017-04-11  9:50 ` [PATCH v2 3/3] fs: ubifs: set s_uuid in super block Oleksij Rempel
2017-04-11 20:43   ` Richard Weinberger
2017-04-12  5:48     ` Christoph Hellwig
2017-04-12  7:15       ` Oleksij Rempel
2017-04-24 15:47         ` Richard Weinberger
2017-04-27 22:03           ` Richard Weinberger
2017-04-28  8:53             ` Amir Goldstein
2017-05-02  5:30               ` Oleksij Rempel
2017-05-02  7:19             ` Amir Goldstein
2017-05-02  7:37               ` Richard Weinberger
2017-05-09  4:13                 ` Oleksij Rempel
     [not found]                   ` <CAOQ4uxiEGJLSGS5rK8V8GRNvf9aWqbVG5odu2=nv73xTOmvfNQ@mail.gmail.com>
2017-05-09  5:52                     ` Oleksij Rempel
2017-05-09  7:01                       ` Richard Weinberger
2017-05-09  7:08                         ` Amir Goldstein
2017-05-09  7:35                           ` Oleksij Rempel
2017-05-09  7:35                           ` Richard Weinberger
2017-05-09  7:50                             ` Amir Goldstein
2017-05-02  7:23     ` Artem Bityutskiy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170412060534.meohif5djev7johp@pengutronix.de \
    --to=ore@pengutronix.de \
    --cc=adrian.hunter@intel.com \
    --cc=dedekind1@gmail.com \
    --cc=hch@infradead.org \
    --cc=kernel@pengutronix.de \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=o.rempel@pengutronix.de \
    --cc=richard@nod.at \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).