Re: Add support for shipping extended attributes in debs

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Matthew Garrett writes ("Re: Add support for shipping extended attributes in debs"):
> On Wed, May 2, 2018 at 5:39 AM Ian Jackson <ijackson@chiark.greenend.org.uk>
> wrote:
> > Why do you want to ship security metadata and have dpkg apply it ?
> 
> For our internal systems, we want to be able to distinguish between
> binaries that have been produced by our internal build infrastructure and
> binaries that have been built locally or obtained from a third party. We
> impose an LSM policy that distinguishes between "trusted" and "untrusted"
> binaries, and forbids untrusted binaries from accessing some sensitive
> resources (such as credentials for access to production systems). Trusted
> binaries are signed at build time, and we verify that the signatures are
> valid before allowing anything to execute in the trusted security context.

I see.  That's a nice explanation of the next layer up.  But I was
hoping for a layer 9 anser.

Ian.