Re: [Linux-ima-user] Measurement list and path of measured files

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Fri, 2012-06-15 at 13:25 +0300, Kasatkin, Dmitry wrote:
> actually here is a diff
> 
> http://git.kernel.org/?p=linux/kernel/git/kasatkin/linux-digsig.git;a=blobdiff;f=security/integrity/ima/ima_audit.c;h=b16eef4cfddbcb662c6fe10ce560d308e1cf4832;hp=21e96bf188dfcc12ff3b05226f3c7d83521dbc2b;hb=da64aee677a578a2ac66f641737fdc74e9259418;hpb=8e88fb141c9596e5efc1b72168c51484875ac5c2
> 
> 
> On Fri, Jun 15, 2012 at 1:23 PM, Kasatkin, Dmitry
> <dmi...@in...> wrote:
> > Hello,
> >
> > Actually in my tree there is a patch to show full path.
> > It does reverse path walk.
> >
> > http://git.kernel.org/?p=linux/kernel/git/kasatkin/linux-digsig.git;a=blob;f=security/integrity/ima/ima_audit.c;h=b16eef4cfddbcb662c6fe10ce560d308e1cf4832;hb=da64aee677a578a2ac66f641737fdc74e9259418
> >
> > - Dmitry

Thanks Dmitry.  Both this version and Peter Moody's post, which uses the
existing upstream audit_log_d_path() and d_path(), use the full pathname
only for auditing purposes.  

The discussion, here, is to simplify correlating the file measurement
list hashes with filenames.  We probably want a function similar to
audit_log_d_format(), but returns the allocated buffer instead of
freeing it, which could be used for both the measurement list and
auditing.

thanks,

Mimi