diff for duplicates of <1508774083.3639.124.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index b83e5ff..74e88d8 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,5 +1,5 @@ On Thu, 2017-10-19 at 15:51 +0100, David Howells wrote: -> From: Chun-Yi Lee <joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> +> From: Chun-Yi Lee <joeyli.kernel@gmail.com> > > When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image > through kexec_file systemcall if securelevel has been set. @@ -11,9 +11,9 @@ As previously mentioned the last time these patches were posted, this leaves out testing to see if the integrity subsystem is enabled. Commit 503ceaef8e2e "ima: define a set of appraisal rules requiring -file signatures" was upstreamed. An additional patch could force +file signatures" was upstreamed. ?An additional patch could force these rules to be added to the custom policy, if lockdown is enabled. - This and other patches in this series could then check to see if +?This and other patches in this series could then check to see if is_ima_appraise_enabled() is true. Mimi @@ -22,10 +22,10 @@ Mimi > This code was showed in Matthew's patch but not in git: > https://lkml.org/lkml/2015/3/13/778 > -> Cc: Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org> -> Signed-off-by: Chun-Yi Lee <jlee-IBi9RG/b67k@public.gmane.org> -> Signed-off-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> -> cc: kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org +> Cc: Matthew Garrett <mjg59@srcf.ucam.org> +> Signed-off-by: Chun-Yi Lee <jlee@suse.com> +> Signed-off-by: David Howells <dhowells@redhat.com> +> cc: kexec at lists.infradead.org > --- > > kernel/kexec_file.c | 7 +++++++ @@ -52,6 +52,11 @@ Mimi > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org +> the body of a message to majordomo at vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -> +> + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index f343963..f75803d 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,21 +1,13 @@ "ref\0150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk\0" "ref\0150842468754.7923.10037578333644594134.stgit@warthog.procyon.org.uk\0" - "ref\0150842468754.7923.10037578333644594134.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org\0" - "From\0Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>\0" - "Subject\0Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set\0" "Date\0Mon, 23 Oct 2017 11:54:43 -0400\0" - "To\0David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>" - " linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\0" - "Cc\0gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org" - linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org - gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " jforbes-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Thu, 2017-10-19 at 15:51 +0100, David Howells wrote:\n" - "> From: Chun-Yi Lee <joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>\n" + "> From: Chun-Yi Lee <joeyli.kernel@gmail.com>\n" "> \n" "> When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image\n" "> through kexec_file systemcall if securelevel has been set.\n" @@ -27,9 +19,9 @@ "leaves out testing to see if the integrity subsystem is enabled.\n" "\n" "Commit 503ceaef8e2e \"ima: define a set of appraisal rules requiring\n" - "file signatures\" was upstreamed. \302\240An additional patch could force\n" + "file signatures\" was upstreamed. ?An additional patch could force\n" "these rules to be added to the custom policy, if lockdown is enabled.\n" - "\302\240This and other patches in this series could then check to see if\n" + "?This and other patches in this series could then check to see if\n" "is_ima_appraise_enabled() is true.\n" "\n" "Mimi\n" @@ -38,10 +30,10 @@ "> This code was showed in Matthew's patch but not in git:\n" "> https://lkml.org/lkml/2015/3/13/778\n" "> \n" - "> Cc: Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>\n" - "> Signed-off-by: Chun-Yi Lee <jlee-IBi9RG/b67k@public.gmane.org>\n" - "> Signed-off-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\n" - "> cc: kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org\n" + "> Cc: Matthew Garrett <mjg59@srcf.ucam.org>\n" + "> Signed-off-by: Chun-Yi Lee <jlee@suse.com>\n" + "> Signed-off-by: David Howells <dhowells@redhat.com>\n" + "> cc: kexec at lists.infradead.org\n" "> ---\n" "> \n" "> kernel/kexec_file.c | 7 +++++++\n" @@ -68,8 +60,13 @@ "> \n" "> --\n" "> To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\n" + "> the body of a message to majordomo at vger.kernel.org\n" "> More majordomo info at http://vger.kernel.org/majordomo-info.html\n" - > + "> \n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -2b0b15718df6ac68daa9400d8a47e58ced7b69a8ccad5f1d7a43a554a443bcd2 +a149820a193cdc3246f5f01298de79e3d73f12705035e24bdc82f1f9e94e2900
diff --git a/a/1.txt b/N2/1.txt index b83e5ff..a358748 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,5 +1,5 @@ On Thu, 2017-10-19 at 15:51 +0100, David Howells wrote: -> From: Chun-Yi Lee <joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> +> From: Chun-Yi Lee <joeyli.kernel@gmail.com> > > When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image > through kexec_file systemcall if securelevel has been set. @@ -22,10 +22,10 @@ Mimi > This code was showed in Matthew's patch but not in git: > https://lkml.org/lkml/2015/3/13/778 > -> Cc: Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org> -> Signed-off-by: Chun-Yi Lee <jlee-IBi9RG/b67k@public.gmane.org> -> Signed-off-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> -> cc: kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org +> Cc: Matthew Garrett <mjg59@srcf.ucam.org> +> Signed-off-by: Chun-Yi Lee <jlee@suse.com> +> Signed-off-by: David Howells <dhowells@redhat.com> +> cc: kexec@lists.infradead.org > --- > > kernel/kexec_file.c | 7 +++++++ @@ -52,6 +52,6 @@ Mimi > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org +> the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > diff --git a/a/content_digest b/N2/content_digest index f343963..8faa3bb 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,21 +1,20 @@ "ref\0150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk\0" "ref\0150842468754.7923.10037578333644594134.stgit@warthog.procyon.org.uk\0" - "ref\0150842468754.7923.10037578333644594134.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org\0" - "From\0Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Subject\0Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set\0" "Date\0Mon, 23 Oct 2017 11:54:43 -0400\0" - "To\0David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>" - " linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\0" - "Cc\0gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org" - linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org - gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " jforbes-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org\0" + "To\0David Howells <dhowells@redhat.com>" + " linux-security-module@vger.kernel.org\0" + "Cc\0gnomes@lxorguk.ukuu.org.uk" + linux-efi@vger.kernel.org + matthew.garrett@nebula.com + gregkh@linuxfoundation.org + linux-kernel@vger.kernel.org + " jforbes@redhat.com\0" "\00:1\0" "b\0" "On Thu, 2017-10-19 at 15:51 +0100, David Howells wrote:\n" - "> From: Chun-Yi Lee <joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>\n" + "> From: Chun-Yi Lee <joeyli.kernel@gmail.com>\n" "> \n" "> When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image\n" "> through kexec_file systemcall if securelevel has been set.\n" @@ -38,10 +37,10 @@ "> This code was showed in Matthew's patch but not in git:\n" "> https://lkml.org/lkml/2015/3/13/778\n" "> \n" - "> Cc: Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>\n" - "> Signed-off-by: Chun-Yi Lee <jlee-IBi9RG/b67k@public.gmane.org>\n" - "> Signed-off-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\n" - "> cc: kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org\n" + "> Cc: Matthew Garrett <mjg59@srcf.ucam.org>\n" + "> Signed-off-by: Chun-Yi Lee <jlee@suse.com>\n" + "> Signed-off-by: David Howells <dhowells@redhat.com>\n" + "> cc: kexec@lists.infradead.org\n" "> ---\n" "> \n" "> kernel/kexec_file.c | 7 +++++++\n" @@ -68,8 +67,8 @@ "> \n" "> --\n" "> To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\n" + "> the body of a message to majordomo@vger.kernel.org\n" "> More majordomo info at http://vger.kernel.org/majordomo-info.html\n" > -2b0b15718df6ac68daa9400d8a47e58ced7b69a8ccad5f1d7a43a554a443bcd2 +92766643dab22f08a7d305dd7dc16ec7269132a88ac7040ba030ecf6e57b7e9b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.