F20 System Wide Change: Enable kdump on secureboot machines
Steve Grubb
sgrubb at redhat.com
Thu Jul 11 15:45:34 UTC 2013
On Thursday, July 11, 2013 10:33:05 AM Vivek Goyal wrote:
> Secondly, there are disagreements upstream w.r.t how locking down
> executable should happen. IMA folks want some functionality behind
> security hooks (as opposed to what I have done). So I am expecting
> that once patches do get merged upstream, they might be in little
> different shape altogether.
I don't know if the average person has played with IMA. It hashes all files
being accessed depending on its policy. This is CPU intensive and will cause
the system fans to run faster and the system uses more power. It also runs
slower because of all the time spent hashing files. I reported this to upstream
IMA developers a while back. I doubt anything has changed.
-Steve
More information about the devel
mailing list