Received: by 10.213.65.68 with SMTP id h4csp502877imn;
        Tue, 13 Mar 2018 11:04:56 -0700 (PDT)
X-Google-Smtp-Source: AG47ELsvcQDeIxY7y6RKtI7xZUB9qySFRcjm0giQEcXIAOK0s0nUciJb7JhXv4B4dqbnYZhIWrYJ
X-Received: by 2002:a17:902:43e4:: with SMTP id j91-v6mr1394719pld.2.1520964296816;
        Tue, 13 Mar 2018 11:04:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1520964296; cv=none;
        d=google.com; s=arc-20160816;
        b=OjrH/rRGAA0eIN+ZtNK9vVnPBpSmjes6yqOTQzKFiAlcomQGcSg0QM8y8TvHsOOhdi
         HcfAMDy2jHSfUfeZ9xgcRNG+QTB544A+mrotX9R2ZlsJt8K9/cWJjcAaN5+f1BN6PwRv
         4v2SnpX8cCy0QVvk6m+xdZVelBhsdtF6LsAGQmxjVji+zFebHT4POD1oB6Li3h9nWm04
         XbRVP87RJSyRgjeCpUONrVXjMyVuSOfk+Hni3ipyXZkLraGYytmqGoyrPRc5TuLUr8u6
         e5xg5ARVh5EfU7AMIhans7J0wPXrc6LjhdpjyoVMGM3xkwtA59ayjFvJwHLdMACWljEF
         Dd/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-transfer-encoding
         :in-reply-to:mime-version:user-agent:date:from:cc:references:to
         :subject:arc-authentication-results;
        bh=/tqwgqXRmybxDTYioEsYONJgtfv8AsykQthi+q1g4Og=;
        b=PlxdF2MvqeggwRScv8psFqeaR+stX3oO/RsTUTnuhdjQBCHz6x/a31O5jmmiSb5Gcz
         Z8t3Pg2KTjzhv3jZNGyIg1F8/ndDFNbdfuwCOnZ6KJ98FDotCEcrjwFhFApaIWznUvvO
         SpGG68tsA/cNPBBGirYDtJEusu2loqTAoIC2MBh8Q3xQNRBiEgxkVf5PF4akGjmp8Ofr
         RpQx8/iQ5VzwawUVDr7QtEJsbP88yr9zE0QSx7dmyvDZrpNO1MAuDgUxuq4VwtGdeRQ8
         YqjU9Edn5c9tMv4p6kn38hn3HK0XuysBTaFI61j2Namt2DTkW+9Eqq/rsx6s/gYCOL1s
         Io8A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z21si540086pfa.33.2018.03.13.11.04.33;
        Tue, 13 Mar 2018 11:04:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753091AbeCMSCO (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Tue, 13 Mar 2018 14:02:14 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:60266 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1753069AbeCMSCL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 13 Mar 2018 14:02:11 -0400
Received: from pps.filterd (m0098410.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w2DHwqik118561
        for <linux-kernel@vger.kernel.org>; Tue, 13 Mar 2018 14:02:11 -0400
Received: from e33.co.us.ibm.com (e33.co.us.ibm.com [32.97.110.151])
        by mx0a-001b2d01.pphosted.com with ESMTP id 2gphg7wu7c-1
        (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Tue, 13 Mar 2018 14:02:10 -0400
Received: from localhost
        by e33.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <stefanb@linux.vnet.ibm.com>;
        Tue, 13 Mar 2018 12:02:08 -0600
Received: from b03cxnp08028.gho.boulder.ibm.com (9.17.130.20)
        by e33.co.us.ibm.com (192.168.1.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        Tue, 13 Mar 2018 12:02:04 -0600
Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234])
        by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w2DI24If6357288;
        Tue, 13 Mar 2018 11:02:04 -0700
Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 514C16A043;
        Tue, 13 Mar 2018 12:02:04 -0600 (MDT)
Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153])
        by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP id 507F56A03C;
        Tue, 13 Mar 2018 12:02:03 -0600 (MDT)
Subject: Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support
To:     James Morris <jmorris@namei.org>
References: <20170720225033.21298-1-mkayaalp@linux.vnet.ibm.com>
 <20170720225033.21298-2-mkayaalp@linux.vnet.ibm.com>
 <20170725175317.GA727@mail.hallyn.com>
 <1501008554.3689.30.camel@HansenPartnership.com>
 <20170725190406.GA1883@mail.hallyn.com>
 <1501009739.3689.33.camel@HansenPartnership.com>
 <1501012082.27413.17.camel@linux.vnet.ibm.com>
 <645db815-7773-e351-5db7-89f38cd88c3d@linux.vnet.ibm.com>
 <20170725204622.GA4969@mail.hallyn.com>
 <97839865-b0ab-8e5d-114e-0603ef2edf6f@linux.vnet.ibm.com>
 <20180309025942.GA15295@mail.hallyn.com>
 <ec137677-34f8-df91-0d1c-6c6d6c951496@linux.vnet.ibm.com>
 <alpine.LRH.2.21.1803120953310.26512@namei.org>
Cc:     "Serge E. Hallyn" <serge@hallyn.com>,
        Mehmet Kayaalp <mkayaalp@cs.binghamton.edu>,
        Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>,
        Yuqiong Sun <sunyuqiong1988@gmail.com>,
        containers <containers@lists.linux-foundation.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        David Safford <david.safford@ge.com>,
        James Bottomley <James.Bottomley@HansenPartnership.com>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        ima-devel <linux-ima-devel@lists.sourceforge.net>,
        Yuqiong Sun <suny@us.ibm.com>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>
From:   Stefan Berger <stefanb@linux.vnet.ibm.com>
Date:   Tue, 13 Mar 2018 14:02:02 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.21.1803120953310.26512@namei.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-TM-AS-GCONF: 00
x-cbid: 18031318-0008-0000-0000-00000973D5A0
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00008667; HX=3.00000241; KW=3.00000007;
 PH=3.00000004; SC=3.00000254; SDB=6.01002542; UDB=6.00510135; IPR=6.00781872;
 MB=3.00020011; MTD=3.00000008; XFM=3.00000015; UTC=2018-03-13 18:02:07
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18031318-0009-0000-0000-00004660553C
Message-Id: <c39350db-046f-ea70-15e4-210884548b1e@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-03-13_08:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1803130203
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/11/2018 06:58 PM, James Morris wrote:
> On Fri, 9 Mar 2018, Stefan Berger wrote:
>
>> Yuqiong is publishing a paper in this area. I believe the conference is only
>> later this year.
>>
>> Our goals are to enable IMA measurements, appraisal, and auditing inside a
>> container using namespaces.
> This is excellent to have -- can you include this requirements analysis as
> a file Documentation/security on the next posting?
>
> Also, if you need a public space for managing these kinds of documents,
> consider utilizing
> http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity

Thanks for the pointer. I tried creating an account, but the interface 
wouldn't let me. Who is managing it?

    Stefan

>
>
> - James