diff for duplicates of <87d0yco1vy.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index ccb7a55..58258d8 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -56,8 +56,3 @@ But kexec_load is already gated. It requires CAP_SYS_BOOT. > Sure, Cc'ing linux-hardening and Kees. > > Mimi - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N1/content_digest index 008f286..bca1cd6 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,13 +6,13 @@ "Date\0Thu, 03 May 2018 16:38:57 -0500\0" "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Cc\0Kees Cook <keescook@chromium.org>" - kernel-hardening@lists.openwall.com - kexec@lists.infradead.org - linux-kernel@vger.kernel.org - Matthew Garrett <mjg59@google.com> David Howells <dhowells@redhat.com> + Matthew Garrett <mjg59@google.com> + linux-integrity@vger.kernel.org linux-security-module@vger.kernel.org - " linux-integrity@vger.kernel.org\0" + kexec@lists.infradead.org + linux-kernel@vger.kernel.org + " kernel-hardening@lists.openwall.com\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -72,11 +72,6 @@ ">\n" "> Sure, Cc'ing linux-hardening and Kees.\n" ">\n" - "> Mimi\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + > Mimi -fdcf61421e78fdf5854c6d5b0fb651ea38bfdfcc82fc32c1eb2af6fa6fb5db08 +05d1fb4e5de667a1b7eff96bcf429023b9948e5391aae24ecfcf352d7adfaf09
diff --git a/a/1.txt b/N2/1.txt index ccb7a55..fbaa910 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -19,11 +19,11 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> instrument of policy. > > True, for those building their own kernel, they can disable the old -> syscalls. The concern is not for those building their own kernels, -> but for those using stock kernels. +> syscalls. The concern is not for those building their own kernels, +> but for those using stock kernels. > > By adding an LSM hook here in the kexec_load syscall, as opposed to an -> IMA specific hook, other LSMs can piggy back on top of it. Currently, +> IMA specific hook, other LSMs can piggy back on top of it. Currently, > both load_pin and SELinux are gating the kernel module syscalls based > on security_kernel_read_file. > @@ -56,8 +56,3 @@ But kexec_load is already gated. It requires CAP_SYS_BOOT. > Sure, Cc'ing linux-hardening and Kees. > > Mimi - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N2/content_digest index 008f286..6c84909 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -6,13 +6,13 @@ "Date\0Thu, 03 May 2018 16:38:57 -0500\0" "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Cc\0Kees Cook <keescook@chromium.org>" - kernel-hardening@lists.openwall.com - kexec@lists.infradead.org - linux-kernel@vger.kernel.org - Matthew Garrett <mjg59@google.com> David Howells <dhowells@redhat.com> + Matthew Garrett <mjg59@google.com> + linux-integrity@vger.kernel.org linux-security-module@vger.kernel.org - " linux-integrity@vger.kernel.org\0" + kexec@lists.infradead.org + linux-kernel@vger.kernel.org + " kernel-hardening@lists.openwall.com\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -36,11 +36,11 @@ ">> instrument of policy.\n" ">\n" "> True, for those building their own kernel, they can disable the old\n" - "> syscalls. \302\240The concern is not for those building their own kernels,\n" - "> but for those using stock kernels. \302\240\n" + "> syscalls. The concern is not for those building their own kernels,\n" + "> but for those using stock kernels. \n" ">\n" "> By adding an LSM hook here in the kexec_load syscall, as opposed to an\n" - "> IMA specific hook, other LSMs can piggy back on top of it. \302\240Currently,\n" + "> IMA specific hook, other LSMs can piggy back on top of it. Currently,\n" "> both load_pin and SELinux are gating the kernel module syscalls based\n" "> on security_kernel_read_file.\n" ">\n" @@ -72,11 +72,6 @@ ">\n" "> Sure, Cc'ing linux-hardening and Kees.\n" ">\n" - "> Mimi\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + > Mimi -fdcf61421e78fdf5854c6d5b0fb651ea38bfdfcc82fc32c1eb2af6fa6fb5db08 +3ffb4d274de2a290d9516d95078647cad68ee9843cd4a0970746ee2fe470cfe6
diff --git a/a/1.txt b/N3/1.txt index ccb7a55..c9b2c9d 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -19,11 +19,11 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> instrument of policy. > > True, for those building their own kernel, they can disable the old -> syscalls. The concern is not for those building their own kernels, -> but for those using stock kernels. +> syscalls. ?The concern is not for those building their own kernels, +> but for those using stock kernels. ? > > By adding an LSM hook here in the kexec_load syscall, as opposed to an -> IMA specific hook, other LSMs can piggy back on top of it. Currently, +> IMA specific hook, other LSMs can piggy back on top of it. ?Currently, > both load_pin and SELinux are gating the kernel module syscalls based > on security_kernel_read_file. > @@ -56,8 +56,7 @@ But kexec_load is already gated. It requires CAP_SYS_BOOT. > Sure, Cc'ing linux-hardening and Kees. > > Mimi - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N3/content_digest index 008f286..e1209fa 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -2,17 +2,9 @@ "ref\087r2mso5up.fsf@xmission.com\0" "ref\01525383075.3539.67.camel@linux.vnet.ibm.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0Re: [PATCH 0/3] kexec: limit kexec_load syscall\0" + "Subject\0[PATCH 0/3] kexec: limit kexec_load syscall\0" "Date\0Thu, 03 May 2018 16:38:57 -0500\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0Kees Cook <keescook@chromium.org>" - kernel-hardening@lists.openwall.com - kexec@lists.infradead.org - linux-kernel@vger.kernel.org - Matthew Garrett <mjg59@google.com> - David Howells <dhowells@redhat.com> - linux-security-module@vger.kernel.org - " linux-integrity@vger.kernel.org\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -36,11 +28,11 @@ ">> instrument of policy.\n" ">\n" "> True, for those building their own kernel, they can disable the old\n" - "> syscalls. \302\240The concern is not for those building their own kernels,\n" - "> but for those using stock kernels. \302\240\n" + "> syscalls. ?The concern is not for those building their own kernels,\n" + "> but for those using stock kernels. ?\n" ">\n" "> By adding an LSM hook here in the kexec_load syscall, as opposed to an\n" - "> IMA specific hook, other LSMs can piggy back on top of it. \302\240Currently,\n" + "> IMA specific hook, other LSMs can piggy back on top of it. ?Currently,\n" "> both load_pin and SELinux are gating the kernel module syscalls based\n" "> on security_kernel_read_file.\n" ">\n" @@ -73,10 +65,9 @@ "> Sure, Cc'ing linux-hardening and Kees.\n" ">\n" "> Mimi\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -fdcf61421e78fdf5854c6d5b0fb651ea38bfdfcc82fc32c1eb2af6fa6fb5db08 +24a2cbb467105749081f6aaedf67fbc3c4302c2e101376d36564ff20a0b3bd82
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.