Re: [PATCH v6 8/8] selinux: measure state and hash of the policy using IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/20/20 7:49 AM, Mimi Zohar wrote:
Hi Mimi,


On Thu, 2020-11-19 at 15:26 -0800, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>

IMA measures files and buffer data such as keys, command line arguments
passed to the kernel on kexec system call, etc. While these measurements
enable monitoring and validating the integrity of the system, it is not
sufficient.

The above paragraph would make a good cover letter introduction.

Agreed - will add this paragraph to the cover letter as well.


In-memory data structures maintained by various kernel
components store the current state and policies configured for
the components.

Various data structures, policies and state stored in kernel memory
also impact the  integrity of the system.

Will update.


The 2nd paragraph could provide examples of such integrity critical
data.

Will do.


This patch set introduces a new IMA hook named
ima_measure_critical_data() to measure kernel integrity critical data.


*Question*
I am not clear about this one - do you mean add the following line in the patch description for the selinux patch?

"This patch introduces the first use of the new IMA hook namely ima_measures_critical_data() to measure the integrity critical data for SELinux"

thanks,
 -lakshmi



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux