Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261511AbVETRis (ORCPT ); Fri, 20 May 2005 13:38:48 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261518AbVETRir (ORCPT ); Fri, 20 May 2005 13:38:47 -0400 Received: from igw2.watson.ibm.com ([129.34.20.6]:18060 "EHLO igw2.watson.ibm.com") by vger.kernel.org with ESMTP id S261511AbVETRii (ORCPT ); Fri, 20 May 2005 13:38:38 -0400 Date: Fri, 20 May 2005 13:38:28 -0400 (Eastern Daylight Time) From: Reiner Sailer To: James Morris cc: linux-kernel@vger.kernel.org, Andrew Morton , Chris Wright , emilyr@us.ibm.com, yoder1@us.ibm.com, kjhall@us.ltcfwd.linux.ibm.com, linux-kernel@vger.kernel.org, toml@us.ibm.com Subject: Re: [PATCH 1 of 4] ima: related TPM device driver interal kernel interface Message-ID: X-Warning: UNAuthenticated Sender MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1684 Lines: 47 James Morris wrote on 05/20/2005 10:56:20 AM: > Why are you using LSM for this? > > LSM should be used for comprehensive access control frameworks which > significantly enhance or even replace existing Unix DAC security. I see LSM is framework for security. IMA is an architecture that enforces access control in a different way than SELinux. IMA guarantees that executable content is measured and accounted for before it is loaded and can access (and possibly corrupt) system resources. > We're going to end up with a proliferation of arbitrary security features > lacking an overall architectural view (I've written about this before, > see http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/0300.html). > > I think it would be better to implement this directly. The reason IMA is implemented as a Linux security module is that the LSM interface allows the least intrusive implementation with regard to existing kernel code. IMA is non-intrusive (its hooks return always nicely) and implements security guarantees that are orthogonal to those of, e.g., SELinux. Interactions with other LSM users are not expected. Experience shows that maintining IMA as LSM is simple. There is no reason though why IMA must use LSM; however, it seems not the straightforward solution to replicate LSM hooks that are already available. > > - James > -- > James Morris > > > Thanks Reiner - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/