From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Kees Cook <keescook@chromium.org>
Cc: James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andrew Morton <akpm@linux-foundation.org>,
Kalle Valo <kvalo@codeaurora.org>,
Mauro Carvalho Chehab <mchehab@osg.samsung.com>,
Joe Perches <joe@perches.com>, Guenter Roeck <linux@roeck-us.net>,
Jiri Slaby <jslaby@suse.com>, Paul Moore <pmoore@redhat.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Casey Schaufler <casey@schaufler-ca.com>,
Andreas Gruenbacher <agruenba@redhat.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Ulf Hansson <ulf.hansson@linaro.org>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
linux-security-module <linux-security-module@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions
Date: Mon, 04 Apr 2016 19:03:56 -0400 [thread overview]
Message-ID: <1459811036.6228.30.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CAGXu5jLkS8HhJWLZmE1+Jw-A_DxwK57rWwnA5YxQViH56r_Krw@mail.gmail.com>
On Mon, 2016-04-04 at 12:31 -0700, Kees Cook wrote:
> On Thu, Mar 31, 2016 at 2:24 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote:
> >
> >> +static const char *id_str[READING_MAX_ID] = {
> >> + [READING_FIRMWARE] = "firmware",
> >> + [READING_MODULE] = "kernel module",
> >> + [READING_KEXEC_IMAGE] = "kexec image",
> >> + [READING_KEXEC_INITRAMFS] = "kexec initramfs",
> >> + [READING_POLICY] = "security policy",
> >> +};
> >> +
> I wonder if there should be a function that returns a const string for
> each kernel_read_file_id enum so users of the enum don't need to do
> it?
Right, having a single, corresponding, string array would be good. Some
of the strings in id_str[] have blanks, which might be problematic for
the audit subsystem, and would need to be replaced with a hyphen or
underscore.
Mimi
prev parent reply other threads:[~2016-04-04 23:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-28 21:14 [PATCH v2 0/5] LSM: LoadPin for kernel file loading restrictions Kees Cook
2016-03-28 21:14 ` [PATCH v2 1/5] string_helpers: add kstrdup_quotable Kees Cook
2016-03-28 23:30 ` Joe Perches
2016-04-06 23:50 ` Kees Cook
2016-03-28 21:14 ` [PATCH v2 2/5] string_helpers: add kstrdup_quotable_cmdline Kees Cook
2016-03-30 11:07 ` Andy Shevchenko
2016-03-30 11:11 ` Andy Shevchenko
2016-04-06 23:38 ` Kees Cook
2016-03-28 21:14 ` [PATCH v2 3/5] string_helpers: add kstrdup_quotable_file Kees Cook
2016-03-28 21:14 ` [PATCH v2 4/5] Yama: consolidate error reporting Kees Cook
2016-03-28 21:14 ` [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions Kees Cook
2016-03-28 21:38 ` Andrew Morton
2016-03-28 21:58 ` Kees Cook
2016-03-30 20:24 ` Mimi Zohar
2016-03-28 23:20 ` Joe Perches
2016-03-31 21:24 ` Mimi Zohar
2016-04-04 19:31 ` Kees Cook
2016-04-04 23:03 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1459811036.6228.30.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=agruenba@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=joe@perches.com \
--cc=jslaby@suse.com \
--cc=keescook@chromium.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=linux@roeck-us.net \
--cc=mchehab@osg.samsung.com \
--cc=pmoore@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=serge@hallyn.com \
--cc=ulf.hansson@linaro.org \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.