[RFC][PATCH 1/3] evm: Move hooks outside LSM infrastructure

Mimi Zohar zohar at linux.ibm.com
Wed May 6 21:10:08 UTC 2020

On Wed, 2020-05-06 at 15:44 -0400, Mimi Zohar wrote:
> Since copying the EVM HMAC or original signature isn't applicable, I
> would prefer exploring an EVM portable and immutable signature only
> solution.

To prevent copying the EVM xattr, we added "security.evm" to
/etc/xattr.conf.  To support copying just the EVM portable and
immutable signatures will require a different solution.


More information about the Linux-security-module-archive mailing list