On Mon, Jan 28, 2013 at 8:52 PM, Vivek Goyal vgo...@redhat.com wrote:
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
[..]
Ok. I am hoping that it will be more than the kernel command line we
support. In the sense that for digital signatures one needs to parse
the
On Mon, Jan 28, 2013 at 08:48:55PM -0500, Mimi Zohar wrote:
[..]
Hi Mimi,
By policy you mean ima rules here? So I can either enable default rules
(tcb default rules for appraisal and measurement) by using kernel command
line options or dynamically configure my own rules using /sysfs
On Tue, Jan 29, 2013 at 10:48:00AM +0200, Kasatkin, Dmitry wrote:
On Mon, Jan 28, 2013 at 8:52 PM, Vivek Goyal vgo...@redhat.com wrote:
On Mon, Jan 28, 2013 at 05:20:20PM +0200, Kasatkin, Dmitry wrote:
[..]
Ok. I am hoping that it will be more than the kernel command line we
support.
On Tue, 2013-01-29 at 15:10 -0500, Vivek Goyal wrote:
On Tue, Jan 29, 2013 at 03:01:13PM -0500, Mimi Zohar wrote:
[..]
Hi Mimi,
Can we add another field to ima_rule_entry, say .enforcement to control
the behavior of .action. Possible values of .enforcement could be, say.
On Tue, Jan 29, 2013 at 11:58:53AM -0500, Vivek Goyal wrote:
On Mon, Jan 28, 2013 at 08:48:55PM -0500, Mimi Zohar wrote:
The assumption has always been that the initramfs would be measured, for
trusted boot, and appraised, for secure boot, before being executed.
Hi Mimi,
Ok. So for