diff for duplicates of <1509661123.3416.29.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 355bf5b..1ecafad 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -2,12 +2,12 @@ On Thu, 2017-11-02 at 22:01 +0000, David Howells wrote: > Mimi Zohar <zohar@linux.vnet.ibm.com> wrote: > > > Right, it would never get here if the IMA signature verification -> > fails. If sig_enforce is not enabled, then it will also work. So the +> > fails. ?If sig_enforce is not enabled, then it will also work. ?So the > > only case is if sig_enforced is enabled and there is no key. > > > > eg. -> > else if (can_do_ima_check && is_ima_appraise_enabled()) -> > err = 0; +> > ? ? ? ? ?else if (can_do_ima_check && is_ima_appraise_enabled()) +> > ? ? ? ? ? ? ? ? err = 0; > > I'm not sure where you want to put that, but I can't just do this: > @@ -30,3 +30,8 @@ be signed and verified by IMA-appraisal, that in lockdown mode they also require an appended signature. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 8434729..39a8cce 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,29 +6,22 @@ "ref\020240.1509643356@warthog.procyon.org.uk\0" "ref\012321.1509658211@warthog.procyon.org.uk\0" "ref\014108.1509660067@warthog.procyon.org.uk\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH 03/27] Enforce module signatures if the kernel is locked down\0" "Date\0Thu, 02 Nov 2017 18:18:43 -0400\0" - "To\0David Howells <dhowells@redhat.com>\0" - "Cc\0linux-security-module@vger.kernel.org" - gnomes@lxorguk.ukuu.org.uk - linux-efi@vger.kernel.org - matthew.garrett@nebula.com - gregkh@linuxfoundation.org - linux-kernel@vger.kernel.org - " jforbes@redhat.com\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Thu, 2017-11-02 at 22:01 +0000, David Howells wrote:\n" "> Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:\n" "> \n" "> > Right, it would never get here if the IMA signature verification\n" - "> > fails. \302\240If sig_enforce is not enabled, then it will also work. \302\240So the\n" + "> > fails. ?If sig_enforce is not enabled, then it will also work. ?So the\n" "> > only case is if sig_enforced is enabled and there is no key.\n" "> > \n" "> > eg.\n" - "> > \302\240 \302\240 \302\240 \302\240 \302\240else if (can_do_ima_check && is_ima_appraise_enabled())\n" - "> > \302\240 \302\240 \302\240 \302\240 \302\240 \302\240 \302\240 \302\240 err = 0;\n" + "> > ? ? ? ? ?else if (can_do_ima_check && is_ima_appraise_enabled())\n" + "> > ? ? ? ? ? ? ? ? err = 0;\n" "> \n" "> I'm not sure where you want to put that, but I can't just do this:\n" "> \n" @@ -50,6 +43,11 @@ "be signed and verified by IMA-appraisal, that in lockdown mode they\n" "also require an appended signature.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -99f8237f2abc7f67d329cd52ac7b822f44eb53a64c1814fe12450789314d2467 +09f6021c8943d2d6592cd3ef595bae3ae8c31c2ee093532548442dd7ece4e4b0
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.