On Mon, 2020-09-07 at 12:50 +0100, Luke Hinds wrote:
> > Candidly, given the politics of security technology being viewed as
> > 'constraining' user rights, I think that a lot of forthcoming security
> > technology may end up being out of tree moving forward.
> >
>
> I think it's prudent to look forward and plan diligently, but I would
> not want perfect to be the enemy of good.

Agreed. This isn't an abstract problem, but one that has already come
up and, hopefully, has been addressed appropriately.

>
> I approach this more from a user's perspective. We are using IMA in
> https://keylime.dev to measure a host and would like to measure
> within a container too. It's the most common request we hear from our
> users.
>
> Perhaps we all collaborate on a proposal extending Stefan's work here:
> https://kernsec.org/wiki/index.php/IMA_Namespacing_design_considerations
>
> I have seen around 3-4 patches now get submitted, so work has been
> done before, and as above, users are present too. We could then have
> some consensus on how this should look and later patches might have
> more success at landing.
>
> Would anyone be interested in this and have recommendations on how we
> could approach this?

When Roberto Sassu and Krzysztof Struczynski contacted me about the
status of Stefan Berger's patch set, based on Yuqiong Sun's work, I was
under the impression that they would be rebasing it on the latest
kernel and going forward from there. Obviously things changed. I
pointed out to them resolving the "IMA namespacing" issue would be the
first thing that needs to be addressed. So here we are.

Definitely, let's have this discussion.

Mimi