Re: [Linux-ima-user] IMA overwrites xattr even if it has got correct signature

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 2016-02-29 at 14:11 +0200, Dmitry Rozhkov wrote:
> On Fri, 2016-02-26 at 17:53 +0100, Patrick Ohly wrote:
> > On Fri, 2016-02-26 at 18:26 +0200, Dmitry Rozhkov wrote:
> > > Hm. I've just tried to reproduce my use case with the following
> > > simple
> > > test and got perfectly correct results. Looks like there's
> > > something
> > > fishy with bsdtar still.
> > 
> > Can you do strace dumps to compare the actual syscalls?
> > 
> 
> Yep, strace shows that bsdtar do utimensat() after fsetxattr() and
> before close().
> 
> The test program below reproduces the problem.
> 
> I think if timestamps are not considered to be a part of the hash sums
> (and it seems to be the case since the IMA hash is the same for the
> same file but with different timestamps) then it should be better fixed
> in IMA. But patching bsdtar to have setting xattrs the last operation
> before close() would not harm too.

Thank you for trouble shooting this.  The new file and digsig flags are
being reset in ima_post_setattr().  I'll post a patch shortly.

Mimi