LWN: Comments on "The integrity policy enforcement security module"
https://lwn.net/Articles/817472/
This is a special feed containing comments posted to the individual LWN article titled "The integrity policy enforcement security module".
Fri, 19 Sep 2025 09:59:05 +0000

The integrity policy enforcement security module
https://lwn.net/Articles/817933/
intelfx, Mon, 20 Apr 2020 04:08:56 +0000

> policy_name="Evil lockdown policy" policy_version=6.6.6

So... lampshading much?

The integrity policy enforcement security module
https://lwn.net/Articles/817686/
Fowl, Fri, 17 Apr 2020 07:18:32 +0000

Interesting that this is from Microsoft, as they've gone down the path of "enlightening" interpreters for their "Defender Application Guard" feature in Windows. Although that is more tied to hashes/signatures on each executable instead of disk images.

The integrity policy enforcement security module
https://lwn.net/Articles/817684/
Fowl, Fri, 17 Apr 2020 07:15:35 +0000

There's a little bit of discussion of this in the "Known Gaps" and "Future" sections of the announcement email (https://lwn.net/ml/linux-kernel/20200415162550.2324-1-deven.desai@linux.microsoft.com/).

The integrity policy enforcement security module
https://lwn.net/Articles/817682/
martin.pitt, Fri, 17 Apr 2020 05:09:01 +0000

Thank you for the nice article! This sounds like even with a super-strict policy you can still execute arbitrary code through installed interpreters, right? (sh, python, etc.) That is of course conceptually difficult to control at the kernel security policy layer.