On Thu, 2007-03-08 at 15:38 -0500, [EMAIL PROTECTED] wrote: > On Thu, 08 Mar 2007 12:46:47 CST, "Serge E. Hallyn" said: > > I think it should be done as both. The part which measures the > > integrity of files should be an integrity subsystem. The part which > > uses those results to either allow/refuse actions or take some other > > action (i.e. shut down the system) should be an lsm. > > That would be good - the allow/deny parts, being security, can use the > existing LSM hooks, and the integrity part can use the LIM hooks. > > Umm... wait a minute - *what* Linux Integrity Module hooks? :)
Hm, integrity-service-api-and-dummy-provider.patch contains: integrity_verify_metadata, integrity_verify_data, and integrity_measure, which could be referred to as either LIM hooks or as the API. This patch set adds 8 new LIM hooks. Mimi Zohar - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
