Re: [PATCH v7 00/16] EVM

[Ware, Ryan R]

On Thu, Jun 30, 2011 at 3:37 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, 2011-06-30 at 14:06 -0700, Ryan Ware wrote:
> > Glad to see this going in Mimi!  Looking forward to enabling this in our
> > MeeGo kernels.
> >
> > Ryan
>
> I wish.  As far as I'm aware, EVM hasn't been upstreamed.  The good news
> is that the ecryptfs encrypted-key patches are now in the
> security-testing tree.

True.  My wording should have been clearer.  It's definitely good to
have the ecryptfs patches in.

>
> > On 6/29/11 12:50 PM, "Mimi Zohar" <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > >Discretionary Access Control(DAC) and Mandatory Access Control(MAC) can
> > >protect the integrity of a running system from unauthorized changes. When
> > >these protections are not running, such as when booting a malicious OS,
> > >mounting the disk under a different operating system, or physically moving
> > >the disk to another system, an "offline" attack is free to read and write
> > >file data/metadata.
> > >
> > >...snip...
> >
> >
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/