On Wed, 16 Aug 2017, Mimi Zohar wrote:

> In this context, I'm not sure what you mean by "loaded". IMA needs to
> be enabled from the very beginning to capture all measurements and
> verify the integrity of files, without any gaps. At some point this
> would include other LSM policies.

I think it's better to keep IMA orthogonal to LSM for this reason. The original motivation to implement IMA as a separate API was because LSM was at the time considered specific to access control mechanisms, although that is not the case now.

--
James Morris
<jmorris@xxxxxxxxx>