Re: [IMA] 2.6.30-rc8 : Bug while trying to launch a KVM guest

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sachin Sant <sachinp@in.ibm.com>
To: Mimi Zohar <zohar@us.ibm.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [IMA] 2.6.30-rc8 : Bug while trying to launch a KVM guest
Date: Sun, 07 Jun 2009 01:43:12 +0530	[thread overview]
Message-ID: <4A2ACDD8.7010203@in.ibm.com> (raw)
In-Reply-To: <OF64D7363D.C87FDEC1-ON852575CC.006F30A6-852575CC.0070CAE8@us.ibm.com>

Mimi Zohar wrote:
> This bug has been addressed in linux-next. Please refer to:
>
> f06dd16a03f6f7f72fab4db03be36e28c28c6fd6 : IMA: Handle dentry_open 
> failures
> 1a62e958fa4aaeeb752311b4f5e16b2a86737b23 : IMA: open all files O_LARGEFILE
> 04288f42033607099cebf5ca15ce8dcec3a9688b : integrity: ima audit 
> dentry_open failure
>
> The default policy in 2.6.30 measures all files open for read by root.
> (So starting the VM as root will cause it to be read.)  This linux-next
> patch changes the default behavior so that nothing is measured. 
>
> 5789ba3bd0a3cd20df5980ebf03358f2eb44fd67 :  IMA: Minimal IMA policy and 
> boot param for TCB IMA policy
>   
I am able to boot the kvm guest after applying the following two patches.

commit f06dd16a03f6f7f72fab4db03be36e28c28c6fd6
commit 1a62e958fa4aaeeb752311b4f5e16b2a86737b23

Thanks Mimi for the help.

Regards
-Sachin

-- 

---------------------------------
Sachin Sant
IBM Linux Technology Center
India Systems and Technology Labs
Bangalore, India
---------------------------------

     prev parent reply	other threads:[~2009-06-06 20:13 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-06-05 17:08 [IMA] 2.6.30-rc8 : Bug while trying to launch a KVM guest Sachin Sant
2009-06-05 20:31 ` Mimi Zohar
2009-06-06 20:13   ` Sachin Sant [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4A2ACDD8.7010203@in.ibm.com \
    --to=sachinp@in.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.