Re: [RFC][PATCH 1/3] EVM

From: Mimi Zohar (zohar@private)
Date: Thu Nov 17 2005 - 13:29:04 PST


James,

Thank you for the constructive criticism on the EVM patch.  We agree with
the issues you raised and will address them before reposting.  In regard
to:

>> + {"security.evm.antivirus", 300, 7776000,
>
>What is this doing in the kernel?

The original EVM code attempted to read a configuration file /etc/evm.conf,
but if it didn't exist, the above defaults were used.  Defaults are
unnecessary at this point, as EVM waits until it is properly configured
using /sys/kernel/security/evm/config before enabling the LSM hooks.
Once EVM is properly configured, /sys/kernel/security/evm/config is removed.
Thus the above code, as well as any lingering references to updating the
configuration file, will be removed.

Mimi Zohar


