Mailing List Archive

kernel 3.7 -> internal 'udev'; signed lkms; file hash validation
Found this interesting:

<http://www.h-online.com/open/features/Kernel-Log-Coming-in-3-7-Part-3-Infrastructure-1755953.html>

Are there Gentoo guidelines on using these new kernel features?

TIA
Re: kernel 3.7 -> internal 'udev'; signed lkms; file hash validation
Integrity Measurement Architecture sounds interesting.
--
Dr. Tóth Attila, Radiologist, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On 2012 December 19 (Wed) at 20:00, 7v5w7go9ub0o wrote:
> Found this interesting:
>
> <http://www.h-online.com/open/features/Kernel-Log-Coming-in-3-7-Part-3-Infrastructure-1755953.html>
>
> Are there Gentoo guidelines on using these new kernel features?
>
> TIA
>
Re: kernel 3.7 -> internal 'udev'; signed lkms; file hash validation
On Wed, Dec 19, 2012 at 10:02 PM, "Tóth Attila" <atoth@atoth.sote.hu> wrote:
> Integrity Measurement Architecture sounds interesting.

Last time I looked into deploying IMA in Liberté Linux, it seemed
like a world of pain, with outdated kernel patches and a requirement
for SELinux if you didn't want to guess the exact form in which file
hashes would propagate into the IMA backend. You can also forget about it
working with anything non-standard like Unionfs. Use Busybox in the
initramfs? Its mount doesn't support -o iversion. Etc., etc.
https://github.com/mkdesu/liberte/commit/73f7bf3

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
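The "exact form" problem above has two halves: the measurement side (what IMA writes to the runtime measurement list and extends into the TPM) and the appraisal side (what it expects to find in the security.ima xattr). The following is an added example for this thread, not code from Liberté Linux, Gentoo Hardened, ima-evm-utils or the kernel. It assumes the 3.x-era formats: ascii_runtime_measurements lines for the original "ima" template (`<pcr> <template-hash> ima <file-hash> <name>`), a template hash of sha1(file-hash || name zero-padded to 256 bytes), PCR 10 extended as sha1(old || template-hash), and a security.ima value of one type byte 0x01 (IMA_XATTR_DIGEST) followed by the raw SHA-1 of the file, which is what the first evmctl ima_hash versions wrote. The sample measurement list and file contents are constructed inline so the script runs offline; `make_entry`, `tampered_list` and the other names are this example's own.

```python
"""Replay an IMA measurement list and reproduce the IMA appraisal xattr.

Assumed (3.x-era) formats, see the lead-in:
  - ascii_runtime_measurements line: "<pcr> <template-hash> ima <file-hash> <name>"
  - template-hash = sha1(file-hash || name zero-padded to 256 bytes)
  - PCR 10 replay: pcr = sha1(pcr || template-hash), starting from 20 zero bytes
  - security.ima for appraisal = 0x01 (IMA_XATTR_DIGEST) || sha1(file content)
"""
import hashlib

IMA_XATTR_DIGEST = 0x01      # xattr type byte checked by IMA appraisal
IMA_EVENT_NAME_LEN = 256     # file_name field size of the "ima" template
SHA1_ZERO = b"\x00" * 20     # initial PCR value; also boot_aggregate's hash without a TPM


def ima_xattr_digest(data: bytes) -> bytes:
    """Value expected in security.ima for a file whose content is `data`."""
    return bytes([IMA_XATTR_DIGEST]) + hashlib.sha1(data).digest()


def template_hash_ima(file_hash: bytes, name: str) -> bytes:
    """Template hash of the original 'ima' template: file hash + padded name.

    The kernel copies at most 255 bytes of the name into a 256-byte field.
    """
    field = name.encode()[:IMA_EVENT_NAME_LEN - 1].ljust(IMA_EVENT_NAME_LEN, b"\0")
    return hashlib.sha1(file_hash + field).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 style extend: new = sha1(old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def make_entry(file_hash: bytes, name: str, pcr: int = 10) -> str:
    """Render one measurement-list line (used here to build constructed input)."""
    return f"{pcr} {template_hash_ima(file_hash, name).hex()} ima {file_hash.hex()} {name}"


def parse_entry(line: str):
    """Split one list line; the name may contain spaces, so split at most 4 times."""
    pcr, thash, template, fhash, name = line.split(" ", 4)
    if template != "ima":
        raise ValueError(f"unsupported template {template!r}")
    return int(pcr), bytes.fromhex(thash), bytes.fromhex(fhash), name


def verify_measurement_list(lines):
    """Recompute every template hash and replay PCR 10 over the list.

    Returns (all_ok, pcr10_hex, bad_names). Comparing pcr10_hex with a TPM
    quote of PCR 10 is what ties the list to the hardware.
    """
    pcr10 = SHA1_ZERO
    bad = []
    for line in lines:
        pcr, thash, fhash, name = parse_entry(line)
        if pcr != 10:
            continue
        if template_hash_ima(fhash, name) != thash:
            bad.append(name)
        pcr10 = pcr_extend(pcr10, thash)  # replay exactly what was logged
    return (not bad), pcr10.hex(), bad


# Constructed sample: boot_aggregate first (zero hash, i.e. no TPM), then two
# files whose content is embedded here so their hashes can be computed offline.
SAMPLE_FILES = {
    "/sbin/init": b"#!/bin/sh\nexec /bin/busybox init\n",
    "/etc/fstab": b"/dev/sda1 / ext4 defaults,iversion 0 1\n",
}
SAMPLE_LIST = [make_entry(SHA1_ZERO, "boot_aggregate")] + [
    make_entry(hashlib.sha1(content).digest(), path)
    for path, content in SAMPLE_FILES.items()
]


def tampered_list():
    """SAMPLE_LIST with /etc/fstab's file hash swapped (simulated log tampering)."""
    out = []
    for line in SAMPLE_LIST:
        pcr, thash, fhash, name = parse_entry(line)
        if name == "/etc/fstab":
            fhash = hashlib.sha1(b"/dev/sda1 / ext4 defaults 0 1\n").digest()
        out.append(f"{pcr} {thash.hex()} ima {fhash.hex()} {name}")
    return out


if __name__ == "__main__":
    ok, pcr, bad = verify_measurement_list(SAMPLE_LIST)
    print("intact list:", ok, "PCR10 =", pcr)
    ok, pcr, bad = verify_measurement_list(tampered_list())
    print("tampered list:", ok, "bad entries:", bad)
    print("security.ima for /etc/fstab:", ima_xattr_digest(SAMPLE_FILES["/etc/fstab"]).hex())
```

On a real box the input is `/sys/kernel/security/ima/ascii_runtime_measurements` and the replayed value is compared against PCR 10 from the TPM; the xattr half is what appraisal compares against the hash it computes at open time, which is why a filesystem that does not bump i_version (no `-o iversion`, or a union mount that hides the underlying inode) makes IMA rehash or reject files unexpectedly.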
Re: kernel 3.7 -> internal 'udev'; signed lkms; file hash validation
On Dec 19, 2012 9:23 PM, "Maxim Kammerer" <mk@dee.su> wrote:
>
> On Wed, Dec 19, 2012 at 10:02 PM, "Tóth Attila" <atoth@atoth.sote.hu> wrote:
> > Integrity Measurement Architecture sounds interesting.
>
> Last time I have looked into deploying IMA in Liberté Linux, it seemed
> like a world of pain with outdated kernel patches and a requirement
> for SELinux if you didn't want to guess the exact form in which file
> hashes would propagate into IMA backend. You can also forget about it
> working with anything non-standard like Unionfs. Use Busybox in
> initramfs? Its mount doesn't support -o iversion. Etc. etc.
> https://github.com/mkdesu/liberte/commit/73f7bf3

IMA and EVM are the initial scope of the system integrity subproject of
Gentoo Hardened (but I don't want to end with just IMA/EVM). I have had
good success with the IMA patches (which were previously not merged), and I
hope that 3.7, when available as hardened-sources, allows our users to play
with IMA as well.

I will be providing an IMA-enabled (with appraisal active) VM as well then.

There is already some content on the subproject site (
http://www.gentoo.org/proj/en/hardened/integrity/index.xml) but more will
follow soon.

Wkr,
Sven Vermeulen
Re: kernel 3.7 -> internal 'udev'; signed lkms; file hash validation
Hi!

On Wed, Dec 19, 2012 at 02:00:59PM -0500, 7v5w7go9ub0o wrote:
> Found this interesting:

New features are cool, but maybe someone will finally fix VMware/VirtualBox
on hardened amd64, which has been broken for year(s)? I think this is much more important.
Sorry for the off-topic.

--
WBR, Alex.
Re: kernel 3.7 -> internal 'udev'; signed lkms; file hash validation
On Wed, Dec 19, 2012 at 11:55 PM, Sven Vermeulen
<sven.vermeulen@siphos.be> wrote:
> I will be providing an IMA-enabled (with appraisal active) VM as well then.

That will be highly useful for deploying custom IMA configurations indeed.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte