Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support

From: Stefan Berger
Date: Tue Mar 13 2018 - 14:02:33 EST


On 03/11/2018 06:58 PM, James Morris wrote:
> On Fri, 9 Mar 2018, Stefan Berger wrote:
>
>> Yuqiong is publishing a paper in this area. I believe the conference is only
>> later this year.
>>
>> Our goals are to enable IMA measurements, appraisal, and auditing inside a
>> container using namespaces.
> This is excellent to have -- can you include this requirements analysis as
> a file Documentation/security on the next posting?
>
> Also, if you need a public space for managing these kinds of documents,
> consider utilizing
> http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity

Thanks for the pointer. I tried creating an account, but the interface wouldn't let me. Who is managing it?

Stefan



> - James