On Thu, 2005-11-17 at 12:28 -0500, Stephen Smalley wrote:
> No, this is backwards. EVM is a mechanism for validation. LSMs may wish
> to use it to validate their xattrs. So EVM should become a support
> library, just like IMA, that exposes interfaces to allow LSMs to get
> validated attributes as a single transaction (and on validation error,
> the calling LSM then gets to decide how to handle the error), replacing
> their current direct calls to ->getxattr. The calling LSM also has to
> call EVM hooks at certain points for management of EVM state.

Note btw that one of those "validation errors" may just be that the
underlying platform lacks a TPM (or the kernel lacks a driver for its TPM
version), in which case the LSM should provide a mode of operation to
allow the LSM to function without such validation. We certainly wouldn't
want SELinux to stop working on platforms without TPMs (or with
unsupported TPMs) if we started using EVM.

-- 
Stephen Smalley
National Security Agency
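The split described above (EVM as a support library that hands an LSM a validated xattr in one call, with the LSM owning the error policy, including the no-TPM case) is easy to misread as "EVM decides". The following is an added, self-contained model in C, not code from this thread, from EVM, IMA or SELinux; every name in it (model_inode, evm_get_validated_xattr, lsm_get_label, the two lsm_evm_mode values) is hypothetical, the "TPM-sealed key" is a constant, the keyed hash is a toy stand-in for EVM's HMAC, and the inode contents are constructed. What it shows is the control flow: the LSM calls one validation entry point instead of ->getxattr directly, treats an HMAC mismatch as fatal, and treats "no usable TPM" as fatal only when it has been configured to enforce.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the EVM-as-support-library design. Names are
 * hypothetical; this is not the Linux kernel's EVM, IMA or SELinux code. */

#define XATTR_MAX 64

struct model_inode {
    char     selinux_label[XATTR_MAX];  /* value of "security.selinux" */
    uint32_t evm_hmac;                  /* stored "security.evm" (toy HMAC) */
};

/* Platform state the EVM layer depends on. */
static int platform_has_tpm = 1;
/* Toy constant standing in for a key that a real EVM would get from the TPM. */
static const uint32_t tpm_sealed_key = 0x5EC0DE42u;

/* Toy keyed hash (FNV-1a seeded with the key) standing in for EVM's HMAC. */
static uint32_t toy_hmac(uint32_t key, const char *name, const char *value)
{
    uint32_t h = key ^ 0x811C9DC5u;
    for (const char *p = name; *p; p++)  h = (h ^ (uint8_t)*p) * 16777619u;
    for (const char *p = value; *p; p++) h = (h ^ (uint8_t)*p) * 16777619u;
    return h;
}

/* Raw ->getxattr: what an LSM calls directly today, with no integrity check. */
static int raw_getxattr(const struct model_inode *ino, const char *name,
                        char *buf, size_t len)
{
    if (strcmp(name, "security.selinux") != 0) return -ENODATA;
    if (strlen(ino->selinux_label) + 1 > len) return -ERANGE;
    strcpy(buf, ino->selinux_label);
    return (int)strlen(buf);
}

/* The "EVM hook" an LSM calls after writing the label, so EVM state stays current. */
static void evm_update_hmac(struct model_inode *ino)
{
    ino->evm_hmac = toy_hmac(tpm_sealed_key, "security.selinux", ino->selinux_label);
}

/* EVM as a support library: fetch and validate as a single transaction.
 *   -ENODEV : no usable TPM, nothing could be checked
 *   -EINVAL : HMAC mismatch, the xattr has been tampered with
 *   >= 0    : length of the validated value */
static int evm_get_validated_xattr(const struct model_inode *ino, const char *name,
                                   char *buf, size_t len)
{
    if (!platform_has_tpm) return -ENODEV;
    int n = raw_getxattr(ino, name, buf, len);
    if (n < 0) return n;
    if (toy_hmac(tpm_sealed_key, name, buf) != ino->evm_hmac) {
        memset(buf, 0, len);          /* never hand back an unvalidated value */
        return -EINVAL;
    }
    return n;
}

enum lsm_evm_mode { LSM_EVM_ENFORCE, LSM_EVM_OPTIONAL };

/* The LSM side: it owns the error policy. A tampered label is always refused;
 * a missing TPM is refused only in enforcing mode, so the LSM keeps working
 * on hardware without one (or with one the kernel cannot drive). */
static int lsm_get_label(const struct model_inode *ino, enum lsm_evm_mode mode,
                         char *buf, size_t len)
{
    int rc = evm_get_validated_xattr(ino, "security.selinux", buf, len);
    if (rc >= 0) return rc;
    switch (rc) {
    case -EINVAL:
        return -EACCES;                                   /* integrity failure */
    case -ENODEV:
        if (mode == LSM_EVM_ENFORCE) return -EACCES;      /* no TPM, enforcing */
        return raw_getxattr(ino, "security.selinux", buf, len); /* unvalidated fallback */
    default:
        return rc;                                        /* ENODATA, ERANGE, ... */
    }
}

int main(void)
{
    struct model_inode ino;
    char buf[XATTR_MAX];
    memset(&ino, 0, sizeof ino);
    strcpy(ino.selinux_label, "system_u:object_r:etc_t:s0");   /* constructed label */
    evm_update_hmac(&ino);

    printf("validated: %d\n", lsm_get_label(&ino, LSM_EVM_ENFORCE, buf, sizeof buf));
    strcpy(ino.selinux_label, "system_u:object_r:shadow_t:s0"); /* offline tamper, HMAC not updated */
    printf("tampered:  %d\n", lsm_get_label(&ino, LSM_EVM_OPTIONAL, buf, sizeof buf));
    platform_has_tpm = 0;
    printf("no TPM, enforce:  %d\n", lsm_get_label(&ino, LSM_EVM_ENFORCE, buf, sizeof buf));
    printf("no TPM, optional: %d\n", lsm_get_label(&ino, LSM_EVM_OPTIONAL, buf, sizeof buf));
    return 0;
}
```

The point of keeping the switch in the LSM rather than in evm_get_validated_xattr is the one made in the message: EVM only reports that it could or could not validate, and the caller chooses between refusing, falling back to the raw attribute, or passing the error up. A real implementation would also need the state-management hooks at the points where labels are written and where inodes are freed; the single evm_update_hmac call here is only a placeholder for that.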
This archive was generated by hypermail 2.1.3 : Thu Nov 17 2005 - 10:04:30 PST