From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: Re: [PATCH v7 00/16] EVM
Date: Thu, 30 Jun 2011 18:37:53 -0400
Message-ID: <1309473473.2857.5.camel@localhost.localdomain>
References: <CA323325.7D40%ryan.r.ware@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: "linux-security-module@vger.kernel.org"
	<linux-security-module@vger.kernel.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	James Morris <jmorris@namei.org>,
	David Safford <safford@watson.ibm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Greg KH <greg@kroah.com>,
	Dmitry Kasatkin <dmitry.s.kasatkin@gmail.com>
To: Ryan Ware <ware@linux.intel.com>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <CA323325.7D40%ryan.r.ware@intel.com>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, 2011-06-30 at 14:06 -0700, Ryan Ware wrote:
> Glad to see this going in Mimi!  Looking forward to enabling this in our
> MeeGo kernels.
> 
> Ryan

I wish.  As far as I'm aware, EVM hasn't been upstreamed.  The good news
is that the ecryptfs encrypted-key patches are now in the
security-testing tree.

thanks,

Mimi

> On 6/29/11 12:50 PM, "Mimi Zohar" <zohar@linux.vnet.ibm.com> wrote:
> 
> >Discretionary Access Control(DAC) and Mandatory Access Control(MAC) can
> >protect the integrity of a running system from unauthorized changes. When
> >these protections are not running, such as when booting a malicious OS,
> >mounting the disk under a different operating system, or physically moving
> >the disk to another system, an "offline" attack is free to read and write
> >file data/metadata.
> >
> >...snip...
> 
>