| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Aug 2020 10:03:00 -0400
From: Sasha Levin <sashal@...nel.org>
To: Pavel Machek <pavel@....cz>
Cc: Deven Bowers <deven.desai@...ux.microsoft.com>, agk@...hat.com,
axboe@...nel.dk, snitzer@...hat.com, jmorris@...ei.org,
serge@...lyn.com, zohar@...ux.ibm.com, viro@...iv.linux.org.uk,
paul@...l-moore.com, eparis@...hat.com, jannh@...gle.com,
dm-devel@...hat.com, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-block@...r.kernel.org,
linux-audit@...hat.com, tyhicks@...ux.microsoft.com,
linux-kernel@...r.kernel.org, corbet@....net,
jaskarankhurana@...ux.microsoft.com, mdsakib@...rosoft.com,
nramas@...ux.microsoft.com, pasha.tatashin@...een.com
Subject: Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)
On Sun, Aug 02, 2020 at 01:55:45PM +0200, Pavel Machek wrote:
>Hi!
>
>> IPE is a Linux Security Module which allows for a configurable
>> policy to enforce integrity requirements on the whole system. It
>> attempts to solve the issue of Code Integrity: that any code being
>> executed (or files being read), are identical to the version that
>> was built by a trusted source.
>
>How is that different from security/integrity/ima?
Maybe if you would have read the cover letter all the way down to the
5th paragraph which explains how IPE is different from IMA we could
avoided this mail exchange...
--
Thanks,
Sasha
Powered by blists - more mailing lists