diff for duplicates of <1509130095.3716.13.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 1851b58..2887afc 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -19,15 +19,20 @@ On Thu, 2017-10-19 at 15:50 +0100, David Howells wrote: > - if (err == -ENOKEY && !sig_enforce) > + if (err == -ENOKEY && !sig_enforce && > + !kernel_is_locked_down("Loading of unsigned modules")) - +? This kernel_is_locked_down() check is being called for both the -original and new module_load syscalls. We need to be able -differentiate them. This is fine for the original syscall, but for +original and new module_load syscalls. ?We need to be able +differentiate them. ?This is fine for the original syscall, but for the new syscall we would need an additional IMA check - !is_ima_appraise_enabled(). Mimi - +? > err = 0; > > return err; + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index e1b4877..7c9ee0b 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,16 +1,9 @@ "ref\0150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk\0" "ref\0150842465546.7923.6762214527898273559.stgit@warthog.procyon.org.uk\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH 03/27] Enforce module signatures if the kernel is locked down\0" "Date\0Fri, 27 Oct 2017 14:48:15 -0400\0" - "To\0David Howells <dhowells@redhat.com>" - " linux-security-module@vger.kernel.org\0" - "Cc\0gnomes@lxorguk.ukuu.org.uk" - linux-efi@vger.kernel.org - matthew.garrett@nebula.com - gregkh@linuxfoundation.org - linux-kernel@vger.kernel.org - " jforbes@redhat.com\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Thu, 2017-10-19 at 15:50 +0100, David Howells wrote:\n" 
@@ -34,17 +27,22 @@ "> -\tif (err == -ENOKEY && !sig_enforce)\n" "> +\tif (err == -ENOKEY && !sig_enforce &&\n" "> +\t !kernel_is_locked_down(\"Loading of unsigned modules\"))\n" - "\302\240\n" + "?\n" "This kernel_is_locked_down() check is being called for both the\n" - "original and new module_load syscalls. \302\240We need to be able\n" - "differentiate them. \302\240This is fine for the original syscall, but for\n" + "original and new module_load syscalls. ?We need to be able\n" + "differentiate them. ?This is fine for the original syscall, but for\n" "the new syscall we would need an additional IMA check -\n" "!is_ima_appraise_enabled().\n" "\n" "Mimi\n" - "\302\240\n" + "?\n" "> \t\terr = 0;\n" "> \n" - "> \treturn err;" + "> \treturn err;\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -fe2073a54c7349d58eca1ee4c53f9fd22de73439a5fc025cbd2fd58e6bc95872 +6c1cdce3d663b588bbfd95f99ed5985de67d6799762f03511eccedaa64fc3e77
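Review bot: the `+?` lines and the `?We` / `?This` substitutions in the a/1.txt hunk are a lossy re-encoding rather than a change by the sender. The content_digest hunk shows the same positions as `\302\240` (a UTF-8 non-breaking space) on the a/ side and as `?` on the N1 side. When quoting the comment about kernel_is_locked_down() and !is_ima_appraise_enabled(), take the text from the a/ copy. The quoted `if (err == -ENOKEY && !sig_enforce && ...` lines are unchanged context in both copies.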
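Review bot: in the content_digest header hunk (`@@ -1,16 +1,9 @@`) the N1 copy drops the `Re:` prefix from the Subject, removes the whole Cc list and narrows To to the list address alone, so read on its own it looks like the original [PATCH 03/27] posting rather than a reply to it. Use the two unchanged `ref` lines and the a/ copy's headers for threading and attribution. The `address (Name)` From form and the appended majordomo footer on the N1 side are consistent with a copy that was rewritten after it left the sender.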