On Dec 19, 2012 9:23 PM, "Maxim Kammerer" <[email protected]> wrote:
>
> On Wed, Dec 19, 2012 at 10:02 PM, "Tóth Attila" <[email protected]> wrote:
> > Integrity Measurement Architecture sounds interesting.
>
> Last time I have looked into deploying IMA in Liberté Linux, it seemed
> like a world of pain with outdated kernel patches and a requirement
> for SELinux if you didn't want to guess the exact form in which file
> hashes would propagate into IMA backend. You can also forget about it
> working with anything non-standard like Unionfs. Use Busybox in
> initramfs? Its mount doesn't support -o iversion. Etc. etc.
> https://github.com/mkdesu/liberte/commit/73f7bf3

IMA and EVM are the initial scope (but I don't want to end with just IMA/EVM) of the system integrity subproject of Gentoo Hardened.

I have had good success with the IMA patches (which were previously not merged) and I hope that 3.7, when available as hardened-sources, allows our users to play with IMA as well. I will be providing an IMA-enabled (with appraisal active) VM as well then.

There is already some content on the subproject site (http://www.gentoo.org/proj/en/hardened/integrity/index.xml) but more will follow soon.

Wkr,
Sven Vermeulen
