| 1 |
On Dec 19, 2012 9:23 PM, "Maxim Kammerer" <mk@×××.su> wrote: |
| 2 |
> |
| 3 |
> On Wed, Dec 19, 2012 at 10:02 PM, "Tóth Attila" <atoth@××××××××××.hu> |
| 4 |
wrote: |
| 5 |
> > Integrity Measurement Architecture sounds interesting. |
| 6 |
> |
| 7 |
> Last time I have looked into deploying IMA in Liberté Linux, it seemed |
| 8 |
> like a world of pain with outdated kernel patches and a requirement |
| 9 |
> for SELinux if you didn't want to guess the exact form in which file |
| 10 |
> hashes would propagate into IMA backend. You can also forget about it |
| 11 |
> working with anything non-standard like Unionfs. Use Busybox in |
| 12 |
> initramfs? Its mount doesn't support -o iversion. Etc. etc. |
| 13 |
> https://github.com/mkdesu/liberte/commit/73f7bf3 |
| 14 |
|
| 15 |
IMA and EVM are the initial scope (but I don't want to end with just |
| 16 |
IMA/EVM) of the system integrity subproject of Gentoo Hardened. I have had |
| 17 |
good success with the ima patches (which were previously not merged) and I |
| 18 |
hope that 3.7, when available as hardened-sources, allows our users to play |
| 19 |
with IMA as well. |
| 20 |
|
| 21 |
I will be providing an IMA-enabled (with appraisal active) VM as well then. |
| 22 |
|
| 23 |
There is already some content on the subproject site ( |
| 24 |
http://www.gentoo.org/proj/en/hardened/integrity/index.xml) but more will |
| 25 |
follow soon. |
| 26 |
|
| 27 |
Wkr, |
| 28 |
Sven Vermeulen |
Archives