Re: [PATCH 00/14] EVM
From: James Morris
Date: Thu Jun 03 2010 - 20:58:05 EST
On Tue, 1 Jun 2010, Mimi Zohar wrote:
> SELinux, Smack, Capabilities, and IMA all use extended attributes. The
> purpose of EVM is to detect offline tampering of these security extended
> attributes.
One issue mentioned to me off-list is that if EVM is only protecting
against offline attacks, why not just encrypt the entire volume?
This would provide confidentiality and integrity protection for all data
and metadata, rather than just integrity for xattr metadata.
- James
--
James Morris
<jmorris@xxxxxxxxx>