Re: [Linux-ima-user] kernel warnings

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 2015-07-13 at 08:50 -0400, Mimi Zohar wrote:
> On Mon, 2015-07-13 at 13:50 +0200, Patrick Ohly wrote:
> > However, I get kernel messages that I haven't seen before, about "Root
> > dentry has weird name" and "warn_slowpath_common". Not sure whether the
> > two are releated. At least they appear close to each other in the
> > "dmesg" output below. Any suggestions?
> 
> The following patches are bug fixes, which were upstreamed in this open
> window and will be (hopefully this week) backported.  "ima: do not
> measure or appraise the NSFS filesystem" should address the problem you
> are seeing.
> 
> 45b2613 ima: fix ima_show_template_data_ascii()
> f2b3dee KEYS: fix "ca_keys=" partial key matching
> 5101a18 evm: labeling pseudo filesystems exception
> cd025f7 ima: do not measure or appraise the NSFS filesystem

I updated my tentative IMA policy file (which I am using right now
instead if ima_appraise_tcb) with the dont_appraise for NSFS and the
kernel messages are indeed gone.

I wasn't sure why, though, until I read the commit message introducing
nsfs (e149ed2) into 3.19-rc1 where it was explained that nsfs cannot be
mounted and thus will not be visible to user space - how sneaky ;-}

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.