Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)

From: Pavel Machek
Date: Sun Aug 02 2020 - 07:55:56 EST


> IPE is a Linux Security Module which allows for a configurable
> policy to enforce integrity requirements on the whole system. It
> attempts to solve the issue of Code Integrity: that any code being
> executed (or files being read), are identical to the version that
> was built by a trusted source.

How is that different from security/integrity/ima?

(cesky, pictures)