Re: IMA: How to manage user space signing policy with others

From: Vivek Goyal
Date: Mon Mar 04 2013 - 12:46:52 EST

Next message: Gleb Natapov: "Re: [PATCH v12 rebased] kvm: notify host when the guest is panicked"
Previous message: Alasdair G Kergon: "Re: [PATCH] md: dm-verity: Fix to avoid a deadlock in dm-bufio"
In reply to: Vivek Goyal: "Re: IMA: How to manage user space signing policy with others"
Next in thread: Mimi Zohar: "Re: IMA: How to manage user space signing policy with others"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 04, 2013 at 10:29:19AM -0500, Vivek Goyal wrote:

[..]
> This reduces our options but trying to make multiple policies co-exist
> together is just making it complicated. We can take it up again when
> somebody has a strong use case of using secureboot policy along with
> other policies.

Well, I also see the unused hook for module verification. Right now there
is no policy for that but if we ever decide to do module verification
using ima hook, then we will have this question that where does that
rule go in now.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gleb Natapov: "Re: [PATCH v12 rebased] kvm: notify host when the guest is panicked"
Previous message: Alasdair G Kergon: "Re: [PATCH] md: dm-verity: Fix to avoid a deadlock in dm-bufio"
In reply to: Vivek Goyal: "Re: IMA: How to manage user space signing policy with others"
Next in thread: Mimi Zohar: "Re: IMA: How to manage user space signing policy with others"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]