| 1 |
On Jun 11, 2013 10:11 PM, "Jacek" <wampir98@×××××.com> wrote: |
| 2 |
> Second problem - in progress: |
| 3 |
> rootfs mount with i_version flags, /var/log, /var/portage, /home .... |
| 4 |
> on other partitions, without i_version mount option? |
| 5 |
> whether it will work? |
| 6 |
|
| 7 |
You meed i_version mounts otherwise changes on files are not detected and |
| 8 |
ima/evm wouldn't update their attributes iirc. That would lead to |
| 9 |
inaccessible files then. |
| 10 |
|
| 11 |
> SELinux? I tried several times, but I always have quite a few errors, |
| 12 |
while grsec RBAC and configuration in / etc / grsec / policy does not cause |
| 13 |
any troubles. |
| 14 |
|
| 15 |
The problem is that these lack labelling support of any kind. Ima policy |
| 16 |
cannot be tweaked based on paths, only on contexts (or filesystem types). |
| 17 |
|
| 18 |
Wkr, |
| 19 |
Sven |
Archives