kexec.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: J Freyensee <why2jjj.linux@gmail.com>, linux-integrity@vger.kernel.org
Cc: Andres Rodriguez <andresx7@gmail.com>,
	Kees Cook <keescook@chromium.org>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	linux-security-module@vger.kernel.org,
	Eric Biederman <ebiederm@xmission.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	"Luis R . Rodriguez" <mcgrof@kernel.org>
Subject: Re: [PATCH v5 1/8] security: define new LSM hook named security_kernel_load_data
Date: Tue, 03 Jul 2018 08:35:41 -0400	[thread overview]
Message-ID: <1530621341.3452.5.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <64f467a5-e907-ee3e-495b-b2c731715037@gmail.com>

On Mon, 2018-07-02 at 11:45 -0700, J Freyensee wrote:
> 
> On 7/2/18 7:37 AM, Mimi Zohar wrote:
> > Differentiate between the kernel reading a file from the kernel loading
> > data provided by userspace.  This patch defines a new LSM hook named
> > security_kernel_load_data.
> 
> If this patch series is re-done, can we tweak the description here 
> please?  From what I understood of the code in this patch, I'd tweak it as:
> 
> "Differentiate between the kernel reading a file specified by userspace 
> and the kernel loading a block of data provided by userspace.  This 
> patch defines a new LSM hook named security_kernel_load_data()."
> 
>  From the description, I got a tad confused if the the kernel
> reading a file was also provided by userspace (I know it may be 2nd-
> nature to people on this list, I'm still learning this kernel
> module).

Could we replace "a block of data provided by userspace" with just
"data provided by userspace"?

Mimi


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

  reply	other threads:[~2018-07-03 12:36 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-02 14:37 [PATCH v5 0/8] kexec/firmware: support system wide policy requiring signatures Mimi Zohar
2018-07-02 14:37 ` [PATCH v5 1/8] security: define new LSM hook named security_kernel_load_data Mimi Zohar
2018-07-02 18:45   ` J Freyensee
2018-07-03 12:35     ` Mimi Zohar [this message]
2018-07-02 14:37 ` [PATCH v5 2/8] kexec: add call to LSM hook in original kexec_load syscall Mimi Zohar
2018-07-10 20:26   ` Mimi Zohar
2018-07-02 14:37 ` [PATCH v5 3/8] ima: based on policy require signed kexec kernel images Mimi Zohar
2018-07-02 18:31   ` J Freyensee
2018-07-03 13:07     ` Mimi Zohar
2018-07-02 14:37 ` [PATCH v5 4/8] firmware: add call to LSM hook before firmware sysfs fallback Mimi Zohar
2018-07-03 12:04   ` kbuild test robot
2018-07-02 14:38 ` [PATCH v5 5/8] ima: based on policy require signed firmware (sysfs fallback) Mimi Zohar
2018-07-02 14:38 ` [PATCH v5 6/8] ima: add build time policy Mimi Zohar
2018-07-02 14:38 ` [PATCH v5 7/8] ima: based on policy warn about loading firmware (pre-allocated buffer) Mimi Zohar
2018-07-02 15:30   ` Ard Biesheuvel
2018-07-09 19:41     ` Mimi Zohar
2018-07-10  6:51       ` Ard Biesheuvel
2018-07-10  6:56         ` Ard Biesheuvel
2018-07-10 18:47           ` Mimi Zohar
2018-07-10 19:19           ` Bjorn Andersson
2018-07-11  6:24             ` Ard Biesheuvel
2018-07-12 20:03               ` Mimi Zohar
2018-07-12 20:37                 ` Bjorn Andersson
2018-07-02 14:38 ` [PATCH v5 8/8] module: replace the existing LSM hook in init_module Mimi Zohar
2018-07-03  9:35   ` kbuild test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1530621341.3452.5.camel@linux.vnet.ibm.com \
    --to=zohar@linux.vnet.ibm.com \
    --cc=andresx7@gmail.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=casey@schaufler-ca.com \
    --cc=dhowells@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=keescook@chromium.org \
    --cc=kexec@lists.infradead.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=why2jjj.linux@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).