Date: Sun, 2 Aug 2020 10:03:00 -0400
From: Sasha Levin
To: Pavel Machek
Cc: Deven Bowers, agk@redhat.com, axboe@kernel.dk, snitzer@redhat.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, viro@zeniv.linux.org.uk, paul@paul-moore.com, eparis@redhat.com, jannh@google.com, dm-devel@redhat.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-audit@redhat.com, tyhicks@linux.microsoft.com, linux-kernel@vger.kernel.org, corbet@lwn.net, jaskarankhurana@linux.microsoft.com, mdsakib@microsoft.com, nramas@linux.microsoft.com, pasha.tatashin@soleen.com
Subject: Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)
Message-ID: <20200802140300.GA2975990@sasha-vm>
References: <20200728213614.586312-1-deven.desai@linux.microsoft.com> <20200802115545.GA1162@bug>
In-Reply-To: <20200802115545.GA1162@bug>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Aug 02, 2020 at 01:55:45PM +0200, Pavel Machek wrote:
>Hi!
>
>> IPE is a Linux Security Module which allows for a configurable
>> policy to enforce integrity requirements on the whole system. It
>> attempts to solve the issue of Code Integrity: that any code being
>> executed (or files being read), are identical to the version that
>> was built by a trusted source.
>
>How is that different from security/integrity/ima?

Maybe if you would have read the cover letter all the way down to the
5th paragraph which explains how IPE is different from IMA we could
have avoided this mail exchange...

-- 
Thanks,
Sasha