From: Mimi Z. <zo...@li...> - 2010-08-02 01:30:15
On Sun, 2010-08-01 at 14:19 +0100, chloé Fouquet wrote:
> Hi,
>
> I would like to create an application that can open and edit
> documents. Which IMA measurements should I have a look at in order to
> know if my access control policy over the documents will be applied
> and that the application can be trusted and has not been modified?
>
> Cheers,
>
> Chloé

For Mandatory Access Control (MAC) you have a choice of SELinux, Smack, Tomoyo and now, as of last week, AppArmor.

Currently, IMA maintains an integrity measurement list (<securityfs>/ima/ascii_runtime_measurements), but does not enforce integrity. You can validate the measurement list and make sure the hash of your application has not changed. The LTP testsuite contains an example of validating the IMA measurement list (<ltp>/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh).

The EVM/IMA-appraisal patches, if/when accepted, will add integrity enforcement.

Mimi
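The validation described in the reply above, as an added example that is not part of the original message and is not the LTP script: it replays a measurement list, recomputes each template hash, simulates the PCR extends, and checks one application's file hash against a known-good value. It assumes the five-column list format with the original "ima" template (SHA-1, path padded to 256 bytes); the application path and all digests are constructed for illustration.

```python
import hashlib

NAME_FIELD = 256  # assumption: "ima" template pads the path with NULs to 256 bytes

def template_hash(file_hex, path):
    """SHA-1 over the file digest plus the NUL-padded path ("ima" template)."""
    name = path.encode()[:NAME_FIELD - 1].ljust(NAME_FIELD, b"\0")
    return hashlib.sha1(bytes.fromhex(file_hex) + name).hexdigest()

def check_list(lines, expected):
    """Replay a measurement list; expected maps path -> known-good SHA-1 hex.

    Returns (simulated PCR value as hex, list of problems found)."""
    pcr, problems, seen = bytes(20), [], set()
    for n, line in enumerate(lines, 1):
        fields = line.strip().split(None, 4)
        if len(fields) != 5 or fields[2] != "ima":
            problems.append(f"line {n}: unsupported entry")
            continue
        _, thash, _, fhash, path = fields
        if thash == "0" * 40:
            # Violation entry: listed as zeros, but the PCR is extended with 0xff.
            pcr = hashlib.sha1(pcr + b"\xff" * 20).digest()
            problems.append(f"line {n}: violation recorded for {path}")
            continue
        if template_hash(fhash, path) != thash:
            problems.append(f"line {n}: template hash mismatch for {path}")
        pcr = hashlib.sha1(pcr + bytes.fromhex(thash)).digest()
        if path in expected:
            seen.add(path)
            if fhash != expected[path]:
                problems.append(f"line {n}: {path} hash differs from known-good")
    problems += [f"{p}: never measured" for p in expected if p not in seen]
    return pcr.hex(), problems

# Constructed sample: digests are made up; the application path is hypothetical.
APP = "/usr/bin/doc-editor"
GOOD = hashlib.sha1(b"doc-editor build 1").hexdigest()
SAMPLE = [f"10 {template_hash(h, p)} ima {h} {p}" for h, p in [
    (hashlib.sha1(b"boot").hexdigest(), "boot_aggregate"),
    (GOOD, APP),
]]

if __name__ == "__main__":
    pcr, problems = check_list(SAMPLE, {APP: GOOD})
    print("simulated PCR:", pcr)
    print("\n".join(problems) or "measurement list consistent")
```

On a real system the lines would come from <securityfs>/ima/ascii_runtime_measurements, and the simulated value would be compared with the TPM PCR named in the first column of each entry.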