Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)

From: Sasha Levin
Date: Sun Aug 02 2020 - 10:03:04 EST

Next message: Doug Smythies: "RE: [PATCH v4 2/2] cpufreq: intel_pstate: Implement passive mode with HWP enabled"
Previous message: Doug Smythies: "RE: [PATCH v4 0/2] cpufreq: intel_pstate: Implement passive mode with HWP enabled"
In reply to: Pavel Machek: "Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)"
Next in thread: Pavel Machek: "Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Aug 02, 2020 at 01:55:45PM +0200, Pavel Machek wrote:

Hi!

IPE is a Linux Security Module which allows for a configurable
policy to enforce integrity requirements on the whole system. It
attempts to solve the issue of Code Integrity: that any code being
executed (or files being read), are identical to the version that
was built by a trusted source.

How is that different from security/integrity/ima?

Maybe if you would have read the cover letter all the way down to the
5th paragraph which explains how IPE is different from IMA we could
avoided this mail exchange...

--
Thanks,
Sasha

Next message: Doug Smythies: "RE: [PATCH v4 2/2] cpufreq: intel_pstate: Implement passive mode with HWP enabled"
Previous message: Doug Smythies: "RE: [PATCH v4 0/2] cpufreq: intel_pstate: Implement passive mode with HWP enabled"
In reply to: Pavel Machek: "Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)"
Next in thread: Pavel Machek: "Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]