diff for duplicates of <1510921286.5920.41.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index f9496f4..5574b79 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -37,21 +37,26 @@ The white list is a proposed new feature. > (measurement/appraisal/audit). The ima_policy_flag is an optimization indicating which actions - -MEASURE, APPRAISE, AUDIT - the policy contains. The IMA policy, -itself, can be replaced with a signed custom policy just once. This +MEASURE, APPRAISE, AUDIT - the policy contains. ?The IMA policy, +itself, can be replaced with a signed custom policy just once. ?This is normally done in the initramfs, after the LSM policies have been -loaded, in order to define policy rules in terms of LSM labels. Once +loaded, in order to define policy rules in terms of LSM labels. ?Once the new policy is loaded, the ima_policy_flag is set. A Kconfig option allows additional signed rules to be added to the IMA -policy. After adding these new rules, additional actions can be added +policy. ?After adding these new rules, additional actions can be added to the policy flag, but not cleared. The system admin/owner knows, prior to loading the custom policy, -which actions will be defined. Instead of waiting for the policy to -be written, the ima_policy_flag could be set at init. (We could -extend the existing "ima_policy=" boot command line option.) If not +which actions will be defined. ?Instead of waiting for the policy to +be written, the ima_policy_flag could be set at init. ?(We could +extend the existing "ima_policy=" boot command line option.) ?If not the ima_policy_flag, itself, then a shadow of the ima_policy_flag, which is OR'ed with the ima_policy_flag. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index d0b8afe..93a6953 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -3,17 +3,10 @@ "ref\0aec4e72a-7f74-43e7-c226-f51077e7c619@huawei.com\0" "ref\0CAGXu5jKjXqn-1j881vYc1F0POPhPJOPZB1w=W_zfgdXTsiyX6A@mail.gmail.com\0" "ref\0ddad05d7-1e74-e7b4-d59c-f2e217aa92b5@huawei.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v2 00/15] ima: digest list feature\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v2 00/15] ima: digest list feature\0" "Date\0Fri, 17 Nov 2017 07:21:26 -0500\0" - "To\0Roberto Sassu <roberto.sassu@huawei.com>" - " Kees Cook <keescook@chromium.org>\0" - "Cc\0linux-integrity@vger.kernel.org" - linux-security-module <linux-security-module@vger.kernel.org> - linux-fsdevel@vger.kernel.org <linux-fsdevel@vger.kernel.org> - linux-doc@vger.kernel.org - LKML <linux-kernel@vger.kernel.org> - " silviu.vlasceanu@huawei.com\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2017-11-17 at 09:55 +0100, Roberto Sassu wrote:\n" @@ -55,23 +48,28 @@ "> (measurement/appraisal/audit).\n" "\n" "The ima_policy_flag is an optimization indicating which actions -\n" - "MEASURE, APPRAISE, AUDIT - the policy contains. The IMA policy,\n" - "itself, can be replaced with a signed custom policy just once. This\n" + "MEASURE, APPRAISE, AUDIT - the policy contains. ?The IMA policy,\n" + "itself, can be replaced with a signed custom policy just once. ?This\n" "is normally done in the initramfs, after the LSM policies have been\n" - "loaded, in order to define policy rules in terms of LSM labels. Once\n" + "loaded, in order to define policy rules in terms of LSM labels. ?Once\n" "the new policy is loaded, the ima_policy_flag is set.\n" "\n" "A Kconfig option allows additional signed rules to be added to the IMA\n" - "policy. After adding these new rules, additional actions can be added\n" + "policy. ?After adding these new rules, additional actions can be added\n" "to the policy flag, but not cleared.\n" "\n" "The system admin/owner knows, prior to loading the custom policy,\n" - "which actions will be defined. Instead of waiting for the policy to\n" - "be written, the ima_policy_flag could be set at init. (We could\n" - "extend the existing \"ima_policy=\" boot command line option.) If not\n" + "which actions will be defined. ?Instead of waiting for the policy to\n" + "be written, the ima_policy_flag could be set at init. ?(We could\n" + "extend the existing \"ima_policy=\" boot command line option.) ?If not\n" "the ima_policy_flag, itself, then a shadow of the ima_policy_flag,\n" "which is OR'ed with the ima_policy_flag.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -aea4cb77f6b1bf541a9071d68460bf63cda85952351b0d7ee3aa9929d6c40e85 +aa21c5c920eaf9da7b73ea0b35b245fcdc012661b36a9047356253e9fca3fd38
diff --git a/a/1.txt b/N2/1.txt index f9496f4..b9f45b1 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -37,20 +37,20 @@ The white list is a proposed new feature. > (measurement/appraisal/audit). The ima_policy_flag is an optimization indicating which actions - -MEASURE, APPRAISE, AUDIT - the policy contains. The IMA policy, -itself, can be replaced with a signed custom policy just once. This +MEASURE, APPRAISE, AUDIT - the policy contains. The IMA policy, +itself, can be replaced with a signed custom policy just once. This is normally done in the initramfs, after the LSM policies have been -loaded, in order to define policy rules in terms of LSM labels. Once +loaded, in order to define policy rules in terms of LSM labels. Once the new policy is loaded, the ima_policy_flag is set. A Kconfig option allows additional signed rules to be added to the IMA -policy. After adding these new rules, additional actions can be added +policy. After adding these new rules, additional actions can be added to the policy flag, but not cleared. The system admin/owner knows, prior to loading the custom policy, -which actions will be defined. Instead of waiting for the policy to -be written, the ima_policy_flag could be set at init. (We could -extend the existing "ima_policy=" boot command line option.) If not +which actions will be defined. Instead of waiting for the policy to +be written, the ima_policy_flag could be set at init. (We could +extend the existing "ima_policy=" boot command line option.) If not the ima_policy_flag, itself, then a shadow of the ima_policy_flag, which is OR'ed with the ima_policy_flag. diff --git a/a/content_digest b/N2/content_digest index d0b8afe..2ad6d3e 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -55,23 +55,23 @@ "> (measurement/appraisal/audit).\n" "\n" "The ima_policy_flag is an optimization indicating which actions -\n" - "MEASURE, APPRAISE, AUDIT - the policy contains. The IMA policy,\n" - "itself, can be replaced with a signed custom policy just once. This\n" + "MEASURE, APPRAISE, AUDIT - the policy contains. \302\240The IMA policy,\n" + "itself, can be replaced with a signed custom policy just once. \302\240This\n" "is normally done in the initramfs, after the LSM policies have been\n" - "loaded, in order to define policy rules in terms of LSM labels. Once\n" + "loaded, in order to define policy rules in terms of LSM labels. \302\240Once\n" "the new policy is loaded, the ima_policy_flag is set.\n" "\n" "A Kconfig option allows additional signed rules to be added to the IMA\n" - "policy. After adding these new rules, additional actions can be added\n" + "policy. \302\240After adding these new rules, additional actions can be added\n" "to the policy flag, but not cleared.\n" "\n" "The system admin/owner knows, prior to loading the custom policy,\n" - "which actions will be defined. Instead of waiting for the policy to\n" - "be written, the ima_policy_flag could be set at init. (We could\n" - "extend the existing \"ima_policy=\" boot command line option.) If not\n" + "which actions will be defined. \302\240Instead of waiting for the policy to\n" + "be written, the ima_policy_flag could be set at init. \302\240(We could\n" + "extend the existing \"ima_policy=\" boot command line option.) \302\240If not\n" "the ima_policy_flag, itself, then a shadow of the ima_policy_flag,\n" "which is OR'ed with the ima_policy_flag.\n" "\n" Mimi -aea4cb77f6b1bf541a9071d68460bf63cda85952351b0d7ee3aa9929d6c40e85 +67d64de5bc6bf0fad9aa53508ff130e1d7d6634a8828b65629375cf9b0ba223f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.