On 22 February 2012 04:54, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
Hi Roberto,

The only package we have at the moment is Dmitry Kasatkin's evm-utils
git://linux-ima.git.sourceforge.net/gitroot/linux-ima/evm-utils used for
labeling the filesystem with security.evm/security.ima digital
signatures.

There's still a lot left to do, but we've started updating the linux-ima
Wiki:
https://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page

thanks,

Mimi

Hi Mimi,
Could you please elaborate on the wiki what the ima_appraise options actually mean? I can take a guess, but a simple table explaining exactly what they are would be useful. Same with the evm options.

Additionally, the wiki (as I have read it) suggests that measuring is enabled and on when the ima_tcb kernel option is given. From what you've written on the list, it should be possible to appraise when a file is mmapped, opened or executed according to the policy without being measured. Can you make this a bit more explicit in the wiki, explaining what the measurement options are to enable/disable measurement? If this is done via the policy instead of via a kernel option, can you adjust that as well (I don't know if there's a policy option of appraise only)?

You're doing some great work here. While I'm not using IMA for attestation, I'm planning on verifying all my configuration files and executables. The features you've got ready for the 3.3 merge seem to fit exactly what I'm after, but I need to know what to set in the kernel first. Keep up the good work.

--
Michael Cassaniti
http://mcassaniti.dyndns.org