diff for duplicates of <1509364900.3583.54.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index c0aa212..77d4b04 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,9 +1,9 @@ On Mon, 2017-10-30 at 09:00 +0000, David Howells wrote: > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote: > -> > Yes, that works. Thanks! Remember is_ima_appraise_enabled() is +> > Yes, that works. ?Thanks! ?Remember is_ima_appraise_enabled() is > > dependent on the "ima: require secure_boot rules in lockdown mode" -> > patch - http://kernsec.org/pipermail/linux-security-module-archive/201 +> > patch -?http://kernsec.org/pipermail/linux-security-module-archive/201 > > 7-October/003910.html. > > What happens if the file in question is being accessed from a filesystem that @@ -14,9 +14,14 @@ IMA-appraisal returns -EACCES for any error, including lack of xattr support. Thiago Bauermann posted the "Appended signatures support for IMA -appraisal" patch set. This patch set allows the current kernel module +appraisal" patch set. ?This patch set allows the current kernel module appended signature format to be used for verifying the kernel image. - Once that patch set is upstreamed, we'll be able to update the IMA +?Once that patch set is upstreamed, we'll be able to update the IMA "secure_boot" policy to permit appended signatures. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index f4ef491..9e9be32 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -4,26 +4,18 @@ "ref\01508774083.3639.124.camel@linux.vnet.ibm.com\0" "ref\020171026074243.GM8550@linux-l9pv.suse\0" "ref\017798.1509354029@warthog.procyon.org.uk\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set\0" "Date\0Mon, 30 Oct 2017 08:01:40 -0400\0" - "To\0David Howells <dhowells@redhat.com>\0" - "Cc\0joeyli <jlee@suse.com>" - linux-security-module@vger.kernel.org - gnomes@lxorguk.ukuu.org.uk - linux-efi@vger.kernel.org - matthew.garrett@nebula.com - gregkh@linuxfoundation.org - linux-kernel@vger.kernel.org - " jforbes@redhat.com\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2017-10-30 at 09:00 +0000, David Howells wrote:\n" "> Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:\n" "> \n" - "> > Yes, that works. \302\240Thanks! \302\240Remember is_ima_appraise_enabled() is\n" + "> > Yes, that works. ?Thanks! ?Remember is_ima_appraise_enabled() is\n" "> > dependent on the \"ima: require secure_boot rules in lockdown mode\"\n" - "> > patch -\302\240http://kernsec.org/pipermail/linux-security-module-archive/201\n" + "> > patch -?http://kernsec.org/pipermail/linux-security-module-archive/201\n" "> > 7-October/003910.html.\n" "> \n" "> What happens if the file in question is being accessed from a filesystem that\n" @@ -34,11 +26,16 @@ "support.\n" "\n" "Thiago Bauermann posted the \"Appended signatures support for IMA\n" - "appraisal\" patch set. \302\240This patch set allows the current kernel module\n" + "appraisal\" patch set. ?This patch set allows the current kernel module\n" "appended signature format to be used for verifying the kernel image.\n" - "\302\240Once that patch set is upstreamed, we'll be able to update the IMA\n" + "?Once that patch set is upstreamed, we'll be able to update the IMA\n" "\"secure_boot\" policy to permit appended signatures.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -a052fef64e6a81b9c612628ef896d269abf744e09c6c5f04f9fe8ba151d363ba +da9f6223b0f53e51b6c23c13fa796645e11a89ed3b711434121de2bfe821de9f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.