On Mon, 2006-04-17 at 14:47 -0500, Serge E. Hallyn wrote:
> Quoting James Morris ([email protected]):
> > Last I recall on this issue, we asked if you could look at providing
> > integrity measurement as a distinct API, and integrity control as either
> > integrated with SELinux or a distinct component which SELinux could use.
>
> And those are what I believe the next patchset will provide.
At the conclusion of the last round of discussions on slim-evm-ima on
list, it was the case that:
- ima was no longer an issue, as it had already ceased being a separate
LSM,
- it was demonstrated that evm needed to be tightly coupled with any LSM
in order to work correctly and efficiently, and it seemed to be accepted
that evm needed to be turned from a separate LSM into a set of support
functions for use by a LSM (as well as having many other design and
implementation problems to resolve to be truly useable),
- it was argued that slim was broken-by-design and no one was willing or
able to refute that position.
Hardly a strong case for LSM...
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]