IMA appraisal master plan?
Mimi Zohar
zohar at linux.vnet.ibm.com
Tue Nov 21 15:53:33 UTC 2017
On Tue, 2017-11-21 at 16:25 +0100, Roberto Sassu wrote:
> In the next version of the patch set 'ima: preserve integrity of dynamic
> data', I will introduce the policy low watermark for objects. Instead of
> denying writing of mutable files by processes outside the TCB, IMA will
> allow the operation and demote those files (remove the HMAC).
There has been no consensus for the existing patch set you've posted.
In fact, everyone who has responded said to make it a separate LSM.
Extending the patch set makes no sense.
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list