Date: Wed, 14 Mar 2018 08:51:48 +1100 (AEDT)
From: James Morris
To: Stefan Berger
Cc: "Serge E. Hallyn", Mehmet Kayaalp, Mehmet Kayaalp, Yuqiong Sun, containers, linux-kernel, David Safford, James Bottomley, linux-security-module, ima-devel, Yuqiong Sun, Mimi Zohar
Subject: Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 13 Mar 2018, Stefan Berger wrote:

> On 03/11/2018 06:58 PM, James Morris wrote:
> > On Fri, 9 Mar 2018, Stefan Berger wrote:
> >
> > > Yuqiong is publishing a paper in this area. I believe the conference is
> > > only later this year.
> > >
> > > Our goals are to enable IMA measurements, appraisal, and auditing inside a
> > > container using namespaces.
> > This is excellent to have -- can you include this requirements analysis as
> > a file Documentation/security on the next posting?
> >
> > Also, if you need a public space for managing these kinds of documents,
> > consider utilizing
> > http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity
>
> Thanks for the pointer. I tried creating an account, but the interface
> wouldn't let me. Who is managing it?

Email me for an account, per the note on the front page.

--
James Morris