On Thu, 08 Mar 2007 12:46:47 CST, "Serge E. Hallyn" said: > I think it should be done as both. The part which measures the > integrity of files should be an integrity subsystem. The part which > uses those results to either allow/refuse actions or take some other > action (i.e. shut down the system) should be an lsm.
That would be good - the allow/deny parts, being security, can use the existing LSM hooks, and the integrity part can use the LIM hooks. Umm... wait a minute - *what* Linux Integrity Module hooks? :)
pgpQPQfSZgbKt.pgp
Description: PGP signature