On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote: > Critical data structures of security modules are currently not measured. > Therefore an attestation service, for instance, would not be able to > attest whether the security modules are always operating with the policies > and configuration that the system administrator had setup. The policies > and configuration for the security modules could be tampered with by > malware by exploiting kernel vulnerabilities or modified through some > inadvertent actions on the system. Measuring such critical data would > enable an attestation service to better assess the state of the system. I still wonder why you're calling this an LSM change/feature when all the change is in IMA and SELinux. You're not putting anything into the LSM infrastructure, not are you using the LSM infrastructure to achieve your ends. Sure, you *could* support other security modules using this scheme, but you have a configuration dependency on SELinux, so that's at best going to be messy. If you want this to be an LSM "feature" you need to use the LSM hooking mechanism. I'm not objecting to the feature. It adds value. But as you've implemented it it is either an IMA extension to SELinux, or an SELiux extension to IMA. Could AppArmor add hooks for this without changing the IMA code? It doesn't look like it to me.