Subject: Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support
To: James Morris
Cc: "Serge E. Hallyn", Mehmet Kayaalp, Mehmet Kayaalp, Yuqiong Sun, containers, linux-kernel, David Safford, James Bottomley, linux-security-module, ima-devel, Yuqiong Sun, Mimi Zohar
From: Stefan Berger
Date: Tue, 13 Mar 2018 14:02:02 -0400
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/11/2018 06:58 PM, James Morris wrote:
> On Fri, 9 Mar 2018, Stefan Berger wrote:
>
>> Yuqiong is publishing a paper in this area. I believe the conference is only
>> later this year.
>>
>> Our goals are to enable IMA measurements, appraisal, and auditing inside a
>> container using namespaces.
> This is excellent to have -- can you include this requirements analysis as
> a file Documentation/security on the next posting?
>
> Also, if you need a public space for managing these kinds of documents,
> consider utilizing
> http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity

Thanks for the pointer. I tried creating an account, but the interface
wouldn't let me. Who is managing it?

    Stefan

>
>
> - James