diff for duplicates of <1521474460.3503.191.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 8058558..bd5624e 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -4,9 +4,9 @@ On Mon, 2018-03-19 at 14:37 +0000, Martin Townsend wrote: > mounts /dev/shm and /sys/fs/cgroup/systemd, it was returning -ENOKEY. There's a disconnect between what ima-evm-utils supports and the -kernel. This sounds like the kernel you're using has directory +kernel. ?This sounds like the kernel you're using has directory support, which has not been upstreamed. - +?? > After investigating it looks like I need to set a key for HMAC to stop > the mkdir failing which I didn't appreciate I needed with a pre-signed > image. @@ -37,8 +37,13 @@ systemd already has support for loading an EVM key. The EVM encrypted key could be based on either a TPM trusted key or a user key, without the HW guarantees of the private key not being -exposed in the clear. If you don't need an EVM key, then without a +exposed in the clear. ?If you don't need an EVM key, then without a TPM, you're probably better off backporting the new portable and immutable EVM key. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 52e1f1b..014e24d 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -5,15 +5,10 @@ "ref\077f5ac13-dd79-abf7-13b2-336bf799a25c@schaufler-ca.com\0" "ref\0CABatt_yk_73BsgaD7UsHOL9wse0FxR=i1YXneUfx6aUiBra_JQ@mail.gmail.com\0" "ref\0CABatt_zM0Uu2fEwyORKTLYMC2_KeqSkcye1toBxhyjkgOUr62Q@mail.gmail.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: Problem mounting pseudo filesystems with SMACK and IMA enabled.\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0Problem mounting pseudo filesystems with SMACK and IMA enabled.\0" "Date\0Mon, 19 Mar 2018 11:47:40 -0400\0" - "To\0Martin Townsend <mtownsend1973@gmail.com>" - " linux-integrity@vger.kernel.org\0" - "Cc\0Sascha Hauer <s.hauer@pengutronix.de>" - Dmitry Kasatkin <dmitry.kasatkin@huawei.com> - LSM <linux-security-module@vger.kernel.org> - " Casey Schaufler <casey@schaufler-ca.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2018-03-19 at 14:37 +0000, Martin Townsend wrote:\n" @@ -22,9 +17,9 @@ "> mounts /dev/shm and /sys/fs/cgroup/systemd, it was returning -ENOKEY.\n" "\n" "There's a disconnect between what ima-evm-utils supports and the\n" - "kernel. This sounds like the kernel you're using has directory\n" + "kernel. ?This sounds like the kernel you're using has directory\n" "support, which has not been upstreamed.\n" - " \n" + "??\n" "> After investigating it looks like I need to set a key for HMAC to stop\n" "> the mkdir failing which I didn't appreciate I needed with a pre-signed\n" "> image.\n" 
@@ -55,10 +50,15 @@ "\n" "The EVM encrypted key could be based on either a TPM trusted key or a\n" "user key, without the HW guarantees of the private key not being\n" - "exposed in the clear. If you don't need an EVM key, then without a\n" + "exposed in the clear. ?If you don't need an EVM key, then without a\n" "TPM, you're probably better off backporting the new portable and\n" "immutable EVM key.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -1c1c09640e0f4fdeaf9fb20078cce2b50cafe479270a31c9d06ea14010558a59 +ad4998d9c467ad86f44f991fecf8573b9eaa719a0302712238c432d4e6ce9310