diff for duplicates of <1519254193.19593.32.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 0823376..ca85705 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -8,13 +8,18 @@ On Wed, 2018-02-21 at 16:53 -0600, Eric W. Biederman wrote: > >> am mounting a filesystem. > > > > The latest version of this patch relies on a builtin IMA policy to set -> > a flag. No other changes are required to the IMA policy. This +> > a flag. ?No other changes are required to the IMA policy. ?This > > builtin policy could be used for environments not willing to accept > > the default unverifiable signature risk. > > I still remain puzzled by this. Why is the default to accept the risk? -Accepting the risk is option 2, the privileged mount scenario. It +Accepting the risk is option 2, the privileged mount scenario. ?It requires re-evaluating the cached info. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 1c36f77..65e2b32 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -5,19 +5,10 @@ "ref\087tvucifji.fsf@xmission.com\0" "ref\01519135329.3736.88.camel@linux.vnet.ibm.com\0" "ref\087fu5uc5ug.fsf@xmission.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v1 1/2] ima: fail signature verification on untrusted filesystems\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v1 1/2] ima: fail signature verification on untrusted filesystems\0" "Date\0Wed, 21 Feb 2018 18:03:13 -0500\0" - "To\0Eric W. Biederman <ebiederm@xmission.com>\0" - "Cc\0James Morris <jmorris@namei.org>" - linux-integrity@vger.kernel.org - linux-security-module@vger.kernel.org - linux-fsdevel@vger.kernel.org - Miklos Szeredi <miklos@szeredi.hu> - Seth Forshee <seth.forshee@canonical.com> - Dongsu Park <dongsu@kinvolk.io> - Alban Crequy <alban@kinvolk.io> - " Serge E . Hallyn <serge@hallyn.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2018-02-21 at 16:53 -0600, Eric W. Biederman wrote:\n" @@ -30,15 +21,20 @@ "> >> am mounting a filesystem.\n" "> >\n" "> > The latest version of this patch relies on a builtin IMA policy to set\n" - "> > a flag. No other changes are required to the IMA policy. This\n" + "> > a flag. ?No other changes are required to the IMA policy. ?This\n" "> > builtin policy could be used for environments not willing to accept\n" "> > the default unverifiable signature risk.\n" "> \n" "> I still remain puzzled by this. Why is the default to accept the risk?\n" "\n" - "Accepting the risk is option 2, the privileged mount scenario. It\n" + "Accepting the risk is option 2, the privileged mount scenario. ?It\n" "requires re-evaluating the cached info.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -f8ba50d3862b17f5c7dd8b5ae54f2ff9f736e1bfb7ee6857b407774b261509af +91520006f0cec6c8c220fc19097f7bd1618ec11571c7035c5d912e79c47cca25
diff --git a/a/1.txt b/N2/1.txt index 0823376..4386697 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -8,13 +8,13 @@ On Wed, 2018-02-21 at 16:53 -0600, Eric W. Biederman wrote: > >> am mounting a filesystem. > > > > The latest version of this patch relies on a builtin IMA policy to set -> > a flag. No other changes are required to the IMA policy. This +> > a flag. No other changes are required to the IMA policy. This > > builtin policy could be used for environments not willing to accept > > the default unverifiable signature risk. > > I still remain puzzled by this. Why is the default to accept the risk? -Accepting the risk is option 2, the privileged mount scenario. It +Accepting the risk is option 2, the privileged mount scenario. It requires re-evaluating the cached info. Mimi diff --git a/a/content_digest b/N2/content_digest index 1c36f77..40d6a05 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -30,15 +30,15 @@ "> >> am mounting a filesystem.\n" "> >\n" "> > The latest version of this patch relies on a builtin IMA policy to set\n" - "> > a flag. No other changes are required to the IMA policy. This\n" + "> > a flag. \302\240No other changes are required to the IMA policy. \302\240This\n" "> > builtin policy could be used for environments not willing to accept\n" "> > the default unverifiable signature risk.\n" "> \n" "> I still remain puzzled by this. Why is the default to accept the risk?\n" "\n" - "Accepting the risk is option 2, the privileged mount scenario. It\n" + "Accepting the risk is option 2, the privileged mount scenario. \302\240It\n" "requires re-evaluating the cached info.\n" "\n" Mimi -f8ba50d3862b17f5c7dd8b5ae54f2ff9f736e1bfb7ee6857b407774b261509af +a4703933e93aa406d82ecc60267ce20ffb245b9dd72fc65072824961bbae17f8
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.