Re: [RFC][PATCH 2/3] SLIM

From: Stephen Smalley (sds@private)
Date: Thu Nov 17 2005 - 10:10:46 PST


On Thu, 2005-11-17 at 12:28 -0500, Stephen Smalley wrote:
> No, this is backwards.  EVM is mechanism for validation.  LSMs may wish
> to use it to validate their xattrs.  So EVM should become a support
> library, just like IMA, that exposes interfaces to allow LSMs to get
> validated attributes as a single transaction (and on validation error,
> the calling LSM then gets to decide how to handle the error), replacing
> their current direct calls to ->getxattr.  The calling LSM also has to
> call EVM hooks at certain points for management of EVM state.

Note btw that one of those "validation errors" may just be that the
underlying platform lacks a TPM (or the kernel lacks a driver for its
TPM version), in which case the LSM should provide a mode of operation
to allow the LSM to function without such validation.  We certainly
wouldn't want SELinux to stop working on platforms without TPMs (or with
unsupported TPMs) if we started using EVM.
 
-- 
Stephen Smalley
National Security Agency
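
An added example, not part of the original message and not EVM, SLIM or SELinux code: a user-space C model of the calling LSM telling "validation could not run" (no TPM or no driver) apart from "validation ran and failed", with a mode switch for the first case only. Every name here is hypothetical, the label string is constructed, and rejecting a mismatch in both modes is this example's choice of LSM policy.

```c
/* User-space model; all names are hypothetical, not a kernel EVM/LSM API. */
#include <stdio.h>

enum evm_status {      /* result of one "get validated xattr" transaction */
    EVM_OK,            /* attribute read and integrity verified */
    EVM_MISMATCH,      /* attribute read, verification failed */
    EVM_UNAVAILABLE    /* no TPM or no TPM driver: validation cannot run */
};

enum lsm_mode { MODE_REQUIRE_EVM, MODE_ALLOW_NO_EVM };

struct platform { int has_tpm; int xattr_tampered; };

/* Stand-in for the support-library call that replaces a direct ->getxattr. */
static enum evm_status evm_get_validated_xattr(const struct platform *p,
                                               char *buf, size_t len)
{
    snprintf(buf, len, "%s", "system_u:object_r:etc_t"); /* constructed label */
    if (!p->has_tpm)
        return EVM_UNAVAILABLE;
    return p->xattr_tampered ? EVM_MISMATCH : EVM_OK;
}

/* LSM side: returns 1 if the label may be used, 0 if it must be rejected. */
static int lsm_label_usable(const struct platform *p, enum lsm_mode mode,
                            char *label, size_t len)
{
    switch (evm_get_validated_xattr(p, label, len)) {
    case EVM_OK:
        return 1;
    case EVM_UNAVAILABLE:
        /* The LSM, not EVM, decides whether to run without validation. */
        return mode == MODE_ALLOW_NO_EVM;
    case EVM_MISMATCH:
    default:
        label[0] = '\0';   /* assumption: a failed check is rejected in any mode */
        return 0;
    }
}

int main(void)
{
    struct platform no_tpm = { 0, 0 };
    char label[64];
    printf("no TPM, MODE_ALLOW_NO_EVM: usable=%d\n",
           lsm_label_usable(&no_tpm, MODE_ALLOW_NO_EVM, label, sizeof label));
    return 0;
}
```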


