acl-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Acl-devel] [PATCH 2/2] Suppress error messages when copying securit


From: Stefan Berger
Subject: Re: [Acl-devel] [PATCH 2/2] Suppress error messages when copying security.ima fails
Date: Fri, 9 Dec 2016 16:14:40 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1

On 12/09/2016 04:02 PM, Mike Frysinger wrote:
On 09 Dec 2016 15:18, Stefan Berger wrote:
On 12/09/2016 02:40 PM, Mike Frysinger wrote:
On 25 Oct 2016 13:36, Stefan Berger wrote:
The security.ima extended attribute may be copied when it contains
a digital signature. In case it is a hash, the copying will fail
and we suppress the error message in that case.
i'm not sure hardcoding specific attributes in the C code like this
is a good idea.  can't we leverage the existing conf file ?
Should we add an option to not display an error? Like 'quiet' ?
that's already possible by not passing in an error context.
but that's not what i meant.  we already have xattr.conf that
explicitly lists attributes and whether we should skip them.
can't we leverage that database in these files and have it
(silently) skip attributes when they're listed as "skip" ?


The security.ima extended attribute can either be a hash or a signature. In case of a signature, we want it to be copied, in case of a hash we don't want to show the error messages appearing when the copying failed.

   Stefan

-mike





reply via email to

[Prev in Thread] Current Thread [Next in Thread]