Re: [PATCH v6 8/8] selinux: measure state and hash of the policy using IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Tushar, Lakshmi,

On Thu, 2020-11-19 at 15:26 -0800, Tushar Sugandhi wrote:
> From: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>
> 
> IMA measures files and buffer data such as keys, command line arguments
> passed to the kernel on kexec system call, etc. While these measurements
> enable monitoring and validating the integrity of the system, it is not
> sufficient. 

The above paragraph would make a good cover letter introduction.

> In-memory data structures maintained by various kernel
> components store the current state and policies configured for
> the components. 

Various data structures, policies and state stored in kernel memory
also impact the  integrity of the system.

The 2nd paragraph could provide examples of such integrity critical
data.

This patch set introduces a new IMA hook named
ima_measure_critical_data() to measure kernel integrity critical data.

thanks,

Mimi





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux