Re: [PATCH] 3 of 5 IMA: LSM-based measurement code

From: Casey Schaufler
Date: Wed Jun 15 2005 - 17:08:56 EST

Next message: Jesper Juhl: "[-mm PATCH][3/4] net: signed vs unsigned cleanup in net/ipv4/raw.c"
Previous message: Alexey Dobriyan: "[PATCH 2/2] Convert users to tty_unregister_ldisc()"
In reply to: Chris Wright: "Re: [PATCH] 3 of 5 IMA: LSM-based measurement code"
Next in thread: Serge E. Hallyn: "Re: [PATCH] 3 of 5 IMA: LSM-based measurement code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- serue@xxxxxxxxxx wrote:

> Ok, so to be clear, any module which does not
> directly impose some form
> of access control is not eligible for an LSM?

In particular, an additional access control.
LSM is not for changing the existing policy,
it is for imposing additional policy.

You could, of course, add code to act on the
integrity measurements you've made, in which
case you could be in conformance with the
stated eligibilty requirements.

> (in that case that clearly settles the issue)

It sure took the wind out of the sails for the
SGI audit implementation.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesper Juhl: "[-mm PATCH][3/4] net: signed vs unsigned cleanup in net/ipv4/raw.c"
Previous message: Alexey Dobriyan: "[PATCH 2/2] Convert users to tty_unregister_ldisc()"
In reply to: Chris Wright: "Re: [PATCH] 3 of 5 IMA: LSM-based measurement code"
Next in thread: Serge E. Hallyn: "Re: [PATCH] 3 of 5 IMA: LSM-based measurement code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]