Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support

From: James Morris
Date: Sun Mar 11 2018 - 18:59:09 EST


On Fri, 9 Mar 2018, Stefan Berger wrote:

> Yuqiong is publishing a paper in this area. I believe the conference is only
> later this year.
>
> Our goals are to enable IMA measurements, appraisal, and auditing inside a
> container using namespaces.

This is excellent to have -- can you include this requirements analysis as
a file in Documentation/security on the next posting?

Also, if you need a public space for managing these kinds of documents,
consider utilizing
http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity



- James
--
James Morris
<jmorris@xxxxxxxxx>