diff for duplicates of <1491551180.4184.50.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index b9d7119..235bec4 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -17,9 +17,3 @@ Not quite, since as Dave pointed out, IMA is policy driven. As a policy is installed, we could set a flag. Mimi - - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N1/content_digest index 62242bf..0ab46f1 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -7,17 +7,17 @@ "Subject\0Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set\0" "Date\0Fri, 07 Apr 2017 03:46:20 -0400\0" "To\0David Howells <dhowells@redhat.com>\0" - "Cc\0Matthew Garrett <mjg59@srcf.ucam.org>" + "Cc\0Dave Young <dyoung@redhat.com>" + linux-kernel@vger.kernel.org + Matthew Garrett <mjg59@srcf.ucam.org> linux-efi@vger.kernel.org gnomes@lxorguk.ukuu.org.uk + Chun-Yi Lee <jlee@suse.com> gregkh@linuxfoundation.org kexec@lists.infradead.org - linux-kernel@vger.kernel.org - Chun-Yi Lee <jlee@suse.com> linux-security-module@vger.kernel.org keyrings@vger.kernel.org - matthew.garrett@nebula.com - " Dave Young <dyoung@redhat.com>\0" + " matthew.garrett@nebula.com\0" "\00:1\0" "b\0" "On Fri, 2017-04-07 at 08:09 +0100, David Howells wrote:\n" @@ -38,12 +38,6 @@ "Not quite, since as Dave pointed out, IMA is policy driven. \302\240As a\n" "policy is installed, we could set a flag.\n" "\n" - "Mimi\n" - "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + Mimi -8afb599d8876dc041165acd296a05ebde909e64885401ff8fa808c13ad63bf29 +b758d0aa358d4b70ec176ac88027d3261701aab81f09ce0499fd95a1378e345e
diff --git a/a/1.txt b/N2/1.txt index b9d7119..b0af114 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -7,19 +7,18 @@ On Fri, 2017-04-07 at 08:09 +0100, David Howells wrote: > > > > > > > > IMA can be used to verify file signatures too, based on the LSM hooks -> > in kernel_read_file_from_fd(). CONFIG_KEXEC_VERIFY_SIG should not be +> > in ?kernel_read_file_from_fd(). ?CONFIG_KEXEC_VERIFY_SIG should not be > > required. > > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled? -Not quite, since as Dave pointed out, IMA is policy driven. As a +Not quite, since as Dave pointed out, IMA is policy driven. ?As a policy is installed, we could set a flag. Mimi - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 62242bf..e81a478 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -3,21 +3,10 @@ "ref\0149142335441.5101.2294976563846442575.stgit@warthog.procyon.org.uk\0" "ref\020170407030545.GA4296@dhcp-128-65.nay.redhat.com\0" "ref\021572.1491548994@warthog.procyon.org.uk\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set\0" "Date\0Fri, 07 Apr 2017 03:46:20 -0400\0" - "To\0David Howells <dhowells@redhat.com>\0" - "Cc\0Matthew Garrett <mjg59@srcf.ucam.org>" - linux-efi@vger.kernel.org - gnomes@lxorguk.ukuu.org.uk - gregkh@linuxfoundation.org - kexec@lists.infradead.org - linux-kernel@vger.kernel.org - Chun-Yi Lee <jlee@suse.com> - linux-security-module@vger.kernel.org - keyrings@vger.kernel.org - matthew.garrett@nebula.com - " Dave Young <dyoung@redhat.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2017-04-07 at 08:09 +0100, David Howells wrote:\n" @@ -29,21 +18,20 @@ "> > > > \n" "> > \n" "> > IMA can be used to verify file signatures too, based on the LSM hooks\n" - "> > in \302\240kernel_read_file_from_fd(). \302\240CONFIG_KEXEC_VERIFY_SIG should not be\n" + "> > in ?kernel_read_file_from_fd(). ?CONFIG_KEXEC_VERIFY_SIG should not be\n" "> > required.\n" "> \n" "> Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA\n" "> symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled?\n" "\n" - "Not quite, since as Dave pointed out, IMA is policy driven. \302\240As a\n" + "Not quite, since as Dave pointed out, IMA is policy driven. ?As a\n" "policy is installed, we could set a flag.\n" "\n" "Mimi\n" "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -8afb599d8876dc041165acd296a05ebde909e64885401ff8fa808c13ad63bf29 +c126d6ab63abdeea989eb790098f63221cb40b1cc86d8c3e925760b67c3e0501
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.