diff for duplicates of <1523477013.5268.72.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 40790ea..409b1f8 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -18,14 +18,14 @@ On Wed, 2018-04-11 at 21:03 +0200, Petr Vorel wrote: > > > > > - } > > > > > Originally writing the policy was done one rule at a time, but hasn't -> > > > been required for a long time. dracut and systemd 'cat' the policy +> > > > been required for a long time. dracut and systemd 'cat' the policy > > > > directly to the pseudo file. > > > OK, let's simplify it to catting the content. > > > Replacing the builtin policy with a new policy in the initramfs was -> > considered safe. With commit 38d859f991f3 ("IMA: policy can now be +> > considered safe. With commit 38d859f991f3 ("IMA: policy can now be > > updated multiple times") the policy can be extended multiple times, -> > not only from the initramfs. For it to be safe to extend the IMA +> > not only from the initramfs. For it to be safe to extend the IMA > > policy (eg. CONFIG_IMA_WRITE_POLICY), the policy must be signed. > > > These tests assume the policy does not need to be signed. @@ -34,7 +34,7 @@ On Wed, 2018-04-11 at 21:03 +0200, Petr Vorel wrote: > (kernels before 4.5)? The ability to sign the policy file was introduced with commit 7429b09 -("ima: load policy using path"). According to "git branch -- +("ima: load policy using path"). According to "git branch -- contains", it was upstreamed in linux-4.6. Mimi diff --git a/a/content_digest b/N1/content_digest index 4f7a6e2..dbbb7a9 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -5,11 +5,9 @@ "ref\01523375764.5268.12.camel@linux.vnet.ibm.com\0" "ref\020180411190335.GB25859@x230\0" "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [RFC PATCH v2 1/4] security/ima: Rewrite tests into new API + fixes\0" + "Subject\0[LTP] [RFC PATCH v2 1/4] security/ima: Rewrite tests into new API + fixes\0" "Date\0Wed, 11 Apr 2018 16:03:33 -0400\0" - "To\0Petr Vorel <pvorel@suse.cz>\0" - "Cc\0ltp@lists.linux.it" - " linux-integrity@vger.kernel.org\0" + "To\0ltp@lists.linux.it\0" "\00:1\0" "b\0" "On Wed, 2018-04-11 at 21:03 +0200, Petr Vorel wrote:\n" @@ -32,14 +30,14 @@ "> > > > > -\t}\n" "> \n" "> > > > Originally writing the policy was done one rule at a time, but hasn't\n" - "> > > > been required for a long time. dracut and systemd 'cat' the policy\n" + "> > > > been required for a long time. \302\240dracut and systemd 'cat' the policy\n" "> > > > directly to the pseudo file.\n" "> > > OK, let's simplify it to catting the content.\n" "> \n" "> > Replacing the builtin policy with a new policy in the initramfs was\n" - "> > considered safe. With commit 38d859f991f3 (\"IMA: policy can now be\n" + "> > considered safe. \302\240With commit 38d859f991f3 (\"IMA: policy can now be\n" "> > updated multiple times\") the policy can be extended multiple times,\n" - "> > not only from the initramfs. For it to be safe to extend the IMA\n" + "> > not only from the initramfs. \302\240For it to be safe to extend the IMA\n" "> > policy (eg. CONFIG_IMA_WRITE_POLICY), the policy must be signed.\n" "> \n" "> > These tests assume the policy does not need to be signed.\n" @@ -48,9 +46,9 @@ "> (kernels before 4.5)?\n" "\n" "The ability to sign the policy file was introduced with commit 7429b09\n" - "(\"ima: load policy using path\"). According to \"git branch --\n" + "(\"ima: load policy using path\"). \302\240According to \"git branch --\n" "contains\", it was upstreamed in linux-4.6.\n" "\n" Mimi -784dd245f16de30d567257d2fc691022c2235f0160cc4499fa4365900eae594c +e21ee63c13021d1e2204eb74cf14093cc9bf86537e84ac72a070a430e09aa25b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.