From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ryan Ware <ware@linux.intel.com>
Subject: Re: [PATCH v7 00/16] EVM
Date: Thu, 30 Jun 2011 14:06:39 -0700
Message-ID: <CA323325.7D40%ryan.r.ware@intel.com>
References: <1309377038-4550-1-git-send-email-zohar@linux.vnet.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Cc: <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
	James Morris <jmorris@namei.org>,
	David Safford <safford@watson.ibm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Greg KH <greg@kroah.com>,
	Dmitry Kasatkin <dmitry.s.kasatkin@gmail.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	"linux-security-module@vger.kernel.org"
	<linux-security-module@vger.kernel.org>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <1309377038-4550-1-git-send-email-zohar@linux.vnet.ibm.com>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Glad to see this going in Mimi!  Looking forward to enabling this in our
MeeGo kernels.

Ryan

On 6/29/11 12:50 PM, "Mimi Zohar" <zohar@linux.vnet.ibm.com> wrote:

>Discretionary Access Control(DAC) and Mandatory Access Control(MAC) can
>protect the integrity of a running system from unauthorized changes. When
>these protections are not running, such as when booting a malicious OS,
>mounting the disk under a different operating system, or physically moving
>the disk to another system, an "offline" attack is free to read and write
>file data/metadata.
>
>...snip...