On Fri, Feb 25, 2022 at 02:11:04PM -0500, Mimi Zohar wrote:
On Fri, 2022-02-25 at 08:41 +0000, Roberto Sassu wrote:
From: Mimi Zohar [mailto:zohar@linux.ibm.com]
Sent: Friday, February 25, 2022 1:22 AM
Hi Roberto,
On Tue, 2022-02-15 at 13:40 +0100, Roberto Sassu wrote:
Extend the interoperability with IMA, to give wider flexibility for the implementation of integrity-focused LSMs based on eBPF.
I've previously requested adding eBPF module measurements and signature verification support in IMA. There seemed to be some interest, but nothing has been posted.
Hi Mimi,
For my use case, DIGLIM eBPF, IMA integrity verification is needed until the binary carrying the eBPF program is executed as the init process. I've been thinking of using an appended signature to overcome the limitation of lack of xattrs in the initial ram disk.
I would still like to see xattrs supported in the initial ram disk. Assuming you're still interested in pursuing it, someone would need to review and upstream it. Greg?
Me? How about the filesystem maintainers and developers? :)
There's a reason we never added xattrs support to ram disks, but I can't remember why...
thanks,
greg k-h