On Jun 11, 2013 10:11 PM, "Jacek" <[email protected]> wrote: > Second problem - in progress: > rootfs mount with i_version flags, /var/log, /var/portage, /home .... > on other partitions, without i_version mount option? > whether it will work?
You meed i_version mounts otherwise changes on files are not detected and ima/evm wouldn't update their attributes iirc. That would lead to inaccessible files then. > SELinux? I tried several times, but I always have quite a few errors, while grsec RBAC and configuration in / etc / grsec / policy does not cause any troubles. The problem is that these lack labelling support of any kind. Ima policy cannot be tweaked based on paths, only on contexts (or filesystem types). Wkr, Sven
