From: Patrick O. <pat...@in...> - 2016-02-15 15:53:46
On Mon, 2016-02-15 at 10:45 -0500, Mimi Zohar wrote:
> On Mon, 2016-02-15 at 11:27 +0100, Patrick Ohly wrote:
> > Implementing the enhanced fdatasync() mentioned before and relying on
> > programs to call fdatasync() would help somewhat, but not all programs
> > call it.

Would calling fsync() in systemd have helped? I tried it and fsync() before close() seems to have helped. Does that make sense, considering that it was said earlier that security.ima only gets calculated on close()?

> > ext4 mount options also don't look promising. commit=nrsec flushes data
> > after 5 seconds by default, but does not seem to include xattrs.
> >
> > Journaling is already using data=ordered, so meta data should be as safe
> > as it can be, and yet it still doesn't include the modified xattr.
>
> It sounds like the same methods for preserving the file data need to be
> extended to preserve the file metadata. I haven't looked at the kernel
> code (yet), so I don't know how hard it would be to implement.

I'm not a kernel expert, so any guidance would be welcome.

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.