diff for duplicates of <1533308099.4337.424.camel@linux.ibm.com> diff --git a/a/1.txt b/N1/1.txt index d3a26bb..12858d8 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -24,7 +24,7 @@ On Fri, 2018-08-03 at 08:11 -0500, Seth Forshee wrote: > CONFIG_KEXEC_VERIFY_SIG is enabled, since it effectively renders that > option impotent? Or has that idea already been rejected? -Agreed! We can modify the "case LOADING_KEXEC_IMAGE" in +Agreed! We can modify the "case LOADING_KEXEC_IMAGE" in ima_load_data() to prevent the kexec_load based on CONFIG_KEXEC_VERIFY_SIG. diff --git a/a/content_digest b/N1/content_digest index eb9604b..4b21c29 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -40,7 +40,7 @@ "> CONFIG_KEXEC_VERIFY_SIG is enabled, since it effectively renders that\n" "> option impotent? Or has that idea already been rejected?\n" "\n" - "Agreed! \302\240We can modify the \"case LOADING_KEXEC_IMAGE\" in\n" + "Agreed! We can modify the \"case LOADING_KEXEC_IMAGE\" in\n" "ima_load_data() to prevent the kexec_load based on\n" "CONFIG_KEXEC_VERIFY_SIG.\n" "\n" @@ -49,4 +49,4 @@ "\n" Mimi -b7c2d2cb29b26385b1cd05f23f79ce66f1ca2e6ab15cdeeaf36f4801055d9e22 +f9c4b6a83515a3b254fbc2dd4e50e79bdd11ed08a18e3d8803af37fe1659a69d
diff --git a/a/1.txt b/N2/1.txt index d3a26bb..179906e 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -24,7 +24,7 @@ On Fri, 2018-08-03 at 08:11 -0500, Seth Forshee wrote: > CONFIG_KEXEC_VERIFY_SIG is enabled, since it effectively renders that > option impotent? Or has that idea already been rejected? -Agreed! We can modify the "case LOADING_KEXEC_IMAGE" in +Agreed! ?We can modify the "case LOADING_KEXEC_IMAGE" in ima_load_data() to prevent the kexec_load based on CONFIG_KEXEC_VERIFY_SIG. @@ -32,3 +32,8 @@ The architecture specific policy would only include the IMA appraise rule if CONFIG_KEXEC_VERIFY_SIG was not defined. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index eb9604b..6d14114 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,17 +1,10 @@ "ref\020180725233200.761-1-erichte@linux.vnet.ibm.com\0" "ref\020180725233200.761-4-erichte@linux.vnet.ibm.com\0" "ref\020180803131129.GS3001@ubuntu-xps13\0" - "From\0Mimi Zohar <zohar@linux.ibm.com>\0" - "Subject\0Re: [PATCH 3/4] ima: add support for KEXEC_ORIG_KERNEL_CHECK\0" + "From\0zohar@linux.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH 3/4] ima: add support for KEXEC_ORIG_KERNEL_CHECK\0" "Date\0Fri, 03 Aug 2018 10:54:59 -0400\0" - "To\0Seth Forshee <seth.forshee@canonical.com>" - " Eric Richter <erichte@linux.vnet.ibm.com>\0" - "Cc\0linux-integrity <linux-integrity@vger.kernel.org>" - linux-security-module <linux-security-module@vger.kernel.org> - linux-efi <linux-efi@vger.kernel.org> - linux-kernel <linux-kernel@vger.kernel.org> - David Howells <dhowells@redhat.com> - " Justin Forbes <jforbes@redhat.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2018-08-03 at 08:11 -0500, Seth Forshee wrote:\n" @@ -40,13 +33,18 @@ "> CONFIG_KEXEC_VERIFY_SIG is enabled, since it effectively renders that\n" "> option impotent? Or has that idea already been rejected?\n" "\n" - "Agreed! \302\240We can modify the \"case LOADING_KEXEC_IMAGE\" in\n" + "Agreed! ?We can modify the \"case LOADING_KEXEC_IMAGE\" in\n" "ima_load_data() to prevent the kexec_load based on\n" "CONFIG_KEXEC_VERIFY_SIG.\n" "\n" "The architecture specific policy would only include the IMA appraise\n" "rule if CONFIG_KEXEC_VERIFY_SIG was not defined.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -b7c2d2cb29b26385b1cd05f23f79ce66f1ca2e6ab15cdeeaf36f4801055d9e22 +56a11b05732f312a0b974e1957120349b6aff43321cc5d89d1ecfb27ef2ed822
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.