Quoting Casey Schaufler ([EMAIL PROTECTED]): > > --- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote: > > > > It's unfortunate, agreed, but > > > > use of LSM as an integrity framework was also a > > no-go. > > You're going to have to justify this assertion.
You misunderstand. I wasn't saying it wouldn't work :) I was saying that it's been said repeatedly that evm should be implemented as an integrity, not security, module. I think it should be done as both. The part which measures the integrity of files should be an integrity subsystem. The part which uses those results to either allow/refuse actions or take some other action (i.e. shut down the system) should be an lsm. > I know of at least one work-in-progress for which > LSM works just fine. Not to mention the Integrity > claims of SELinux. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/