Re: [PATCH] 3 of 5 IMA: LSM-based measurement code

From: serue@private
Date: Wed Jun 15 2005 - 13:49:36 PDT

Quoting James Morris (jmorris@private):
> On Wed, 15 Jun 2005, Reiner Sailer wrote:
> > This patch applies against linux-2.6.12-rc6-mm1 and provides the main
> > Integrity Measurement Architecture code (LSM-based).
> Why are you still trying to use LSM for this?

A long, long time ago, Crispin defined LSM's purpose as:

>> Main goal : we have to design a generic framework to be able to use
>> better
>> security policies than the current ones (DAC and capabilities).
>Sort of. We have to design a generic interface that exports enough
>functionality to allow security developers to go off and create these
>security policy modules. 

Since IMA provides support for a new type of security policy,
specifically remote system integrity verification, I don't see
where LSM shouldn't necessarily be used.

I'm also curious about the current kernel development approach:
On the one hand, when filesystem auditing was introduced, Christoph
asked whether inotify and audit should be merged because they hook
some of the same places.  Can someone reconcile these points of view
for me, please?  If Reiner goes ahead and moves the IMA code straight
into the kernel, does anyone doubt that he'll be asked to merge it
with LSM?

I'm not pushing one way or the other - I don't care whether IMA is
an LSM or not :)  I just don't understand the current climate.


This archive was generated by hypermail 2.1.3 : Wed Jun 15 2005 - 13:45:15 PDT