diff for duplicates of <87h8nospo5.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index c0937f3..463f4ab 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -22,7 +22,7 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> Am I missing something here? > > The kexec_file_load() calls kernel_read_file_from_fd(), which in turn -> calls security_kernel_read_file(). So kexec_file_load and kexec_load +> calls security_kernel_read_file(). So kexec_file_load and kexec_load > syscall would be using the same method for enforcing signature > verification. @@ -39,9 +39,9 @@ kexec_load security hook. > This is independent of the architecture specific method for verifying -> signatures. The coordination between these two methods was included +> signatures. The coordination between these two methods was included > in the lockdown patch set, but is being removed, as well the gating of -> kexec_load syscall. Instead of being based on the lockdown flag, I +> kexec_load syscall. Instead of being based on the lockdown flag, I > assume the coordination between the two methods will reappear based on > a secure boot flag of some sort. @@ -49,9 +49,3 @@ I was blind there for a moment. Yes this is all about the ima xattrs allowing a file to be loaded. Eric - - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N1/content_digest index 41e6814..bb09d2e 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,12 +6,12 @@ "Subject\0Re: [PATCH 2/3] kexec: call LSM hook for kexec_load syscall\0" "Date\0Thu, 03 May 2018 10:51:38 -0500\0" "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0kexec@lists.infradead.org" - linux-kernel@vger.kernel.org + "Cc\0David Howells <dhowells@redhat.com>" Matthew Garrett <mjg59@google.com> - David Howells <dhowells@redhat.com> + linux-integrity@vger.kernel.org linux-security-module@vger.kernel.org - " linux-integrity@vger.kernel.org\0" + kexec@lists.infradead.org + " linux-kernel@vger.kernel.org\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -38,7 +38,7 @@ ">> Am I missing something here?\n" ">\n" "> The kexec_file_load() calls kernel_read_file_from_fd(), which in turn\n" - "> calls security_kernel_read_file(). \302\240So kexec_file_load and kexec_load\n" + "> calls security_kernel_read_file(). So kexec_file_load and kexec_load\n" "> syscall would be using the same method for enforcing signature\n" "> verification.\n" "\n" @@ -55,21 +55,15 @@ "\n" "\n" "> This is independent of the architecture specific method for verifying\n" - "> signatures. \302\240The coordination between these two methods was included\n" + "> signatures. The coordination between these two methods was included\n" "> in the lockdown patch set, but is being removed, as well the gating of\n" - "> kexec_load syscall. \302\240Instead of being based on the lockdown flag, I\n" + "> kexec_load syscall. Instead of being based on the lockdown flag, I\n" "> assume the coordination between the two methods will reappear based on\n" "> a secure boot flag of some sort.\n" "\n" "I was blind there for a moment. Yes this is all about the ima xattrs\n" "allowing a file to be loaded.\n" "\n" - "Eric\n" - "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + Eric -b66effab25e3f8a4ee9d62f8b8b04bce5b984b377d32d678c8d7ecafe4e5939c +67250f6ecd64a33b6135910ab64b563df83e9e65f311946ee11499a06af96e38
diff --git a/a/1.txt b/N2/1.txt index c0937f3..cc57430 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -22,7 +22,7 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> Am I missing something here? > > The kexec_file_load() calls kernel_read_file_from_fd(), which in turn -> calls security_kernel_read_file(). So kexec_file_load and kexec_load +> calls security_kernel_read_file(). ?So kexec_file_load and kexec_load > syscall would be using the same method for enforcing signature > verification. @@ -39,9 +39,9 @@ kexec_load security hook. > This is independent of the architecture specific method for verifying -> signatures. The coordination between these two methods was included +> signatures. ?The coordination between these two methods was included > in the lockdown patch set, but is being removed, as well the gating of -> kexec_load syscall. Instead of being based on the lockdown flag, I +> kexec_load syscall. ?Instead of being based on the lockdown flag, I > assume the coordination between the two methods will reappear based on > a secure boot flag of some sort. @@ -50,8 +50,7 @@ allowing a file to be loaded. Eric - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 41e6814..b25b516 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -3,15 +3,9 @@ "ref\087h8nqglpx.fsf@xmission.com\0" "ref\01525275904.5669.308.camel@linux.vnet.ibm.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0Re: [PATCH 2/3] kexec: call LSM hook for kexec_load syscall\0" + "Subject\0[PATCH 2/3] kexec: call LSM hook for kexec_load syscall\0" "Date\0Thu, 03 May 2018 10:51:38 -0500\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0kexec@lists.infradead.org" - linux-kernel@vger.kernel.org - Matthew Garrett <mjg59@google.com> - David Howells <dhowells@redhat.com> - linux-security-module@vger.kernel.org - " linux-integrity@vger.kernel.org\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -38,7 +32,7 @@ ">> Am I missing something here?\n" ">\n" "> The kexec_file_load() calls kernel_read_file_from_fd(), which in turn\n" - "> calls security_kernel_read_file(). \302\240So kexec_file_load and kexec_load\n" + "> calls security_kernel_read_file(). ?So kexec_file_load and kexec_load\n" "> syscall would be using the same method for enforcing signature\n" "> verification.\n" "\n" @@ -55,9 +49,9 @@ "\n" "\n" "> This is independent of the architecture specific method for verifying\n" - "> signatures. \302\240The coordination between these two methods was included\n" + "> signatures. ?The coordination between these two methods was included\n" "> in the lockdown patch set, but is being removed, as well the gating of\n" - "> kexec_load syscall. \302\240Instead of being based on the lockdown flag, I\n" + "> kexec_load syscall. ?Instead of being based on the lockdown flag, I\n" "> assume the coordination between the two methods will reappear based on\n" "> a secure boot flag of some sort.\n" "\n" @@ -66,10 +60,9 @@ "\n" "Eric\n" "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -b66effab25e3f8a4ee9d62f8b8b04bce5b984b377d32d678c8d7ecafe4e5939c +d7be8fc93a29b21b6a1edb87677ebe2c7da8fd29d24f53458208fc183a805d42
diff --git a/a/1.txt b/N3/1.txt index c0937f3..a2d660e 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -49,9 +49,3 @@ I was blind there for a moment. Yes this is all about the ima xattrs allowing a file to be loaded. Eric - - -_______________________________________________ -kexec mailing list -kexec@lists.infradead.org -http://lists.infradead.org/mailman/listinfo/kexec diff --git a/a/content_digest b/N3/content_digest index 41e6814..463c49a 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -6,12 +6,12 @@ "Subject\0Re: [PATCH 2/3] kexec: call LSM hook for kexec_load syscall\0" "Date\0Thu, 03 May 2018 10:51:38 -0500\0" "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0kexec@lists.infradead.org" - linux-kernel@vger.kernel.org + "Cc\0David Howells <dhowells@redhat.com>" Matthew Garrett <mjg59@google.com> - David Howells <dhowells@redhat.com> + linux-integrity@vger.kernel.org linux-security-module@vger.kernel.org - " linux-integrity@vger.kernel.org\0" + kexec@lists.infradead.org + " linux-kernel@vger.kernel.org\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -64,12 +64,6 @@ "I was blind there for a moment. Yes this is all about the ima xattrs\n" "allowing a file to be loaded.\n" "\n" - "Eric\n" - "\n" - "\n" - "_______________________________________________\n" - "kexec mailing list\n" - "kexec@lists.infradead.org\n" - http://lists.infradead.org/mailman/listinfo/kexec + Eric -b66effab25e3f8a4ee9d62f8b8b04bce5b984b377d32d678c8d7ecafe4e5939c +517825ebf9b00af8ffd18673b10c4c385d09fc0456621d2e3ef5e252dc771077
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.