subject:"Re\: \[PATCH v2 5\/5\] LSM\: LoadPin for kernel file loading restrictions"

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-04-04 Thread Mimi Zohar

On Mon, 2016-04-04 at 12:31 -0700, Kees Cook wrote: > On Thu, Mar 31, 2016 at 2:24 PM, Mimi Zohar wrote: > > On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote: > > > >> +static const char *id_str[READING_MAX_ID] = { > >> + [READING_FIRMWARE] = "firmware", > >> + [READING_MODULE] = "kernel

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-04-04 Thread Kees Cook

On Thu, Mar 31, 2016 at 2:24 PM, Mimi Zohar wrote: > On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote: > >> +static const char *id_str[READING_MAX_ID] = { >> + [READING_FIRMWARE] = "firmware", >> + [READING_MODULE] = "kernel module", >> + [READING_KEXEC_IMAGE] = "kexec image", >> +

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-03-31 Thread Mimi Zohar

On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote: > +static const char *id_str[READING_MAX_ID] = { > + [READING_FIRMWARE] = "firmware", > + [READING_MODULE] = "kernel module", > + [READING_KEXEC_IMAGE] = "kexec image", > + [READING_KEXEC_INITRAMFS] = "kexec initramfs", > + [R

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-03-30 Thread Mimi Zohar

On Mon, 2016-03-28 at 14:38 -0700, Andrew Morton wrote: > On Mon, 28 Mar 2016 14:14:22 -0700 Kees Cook wrote: > > > This LSM enforces that kernel-loaded files (modules, firmware, etc) > > must all come from the same filesystem, with the expectation that > > such a filesystem is backed by a read-o

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-03-28 Thread Joe Perches

On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote: > This LSM enforces that kernel-loaded files (modules, firmware, etc) > must all come from the same filesystem, with the expectation that > such a filesystem is backed by a read-only device such as dm-verity > or CDROM. This allows systems that ha

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-03-28 Thread Kees Cook

On Mon, Mar 28, 2016 at 2:38 PM, Andrew Morton wrote: > On Mon, 28 Mar 2016 14:14:22 -0700 Kees Cook wrote: > >> This LSM enforces that kernel-loaded files (modules, firmware, etc) >> must all come from the same filesystem, with the expectation that >> such a filesystem is backed by a read-only d

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

2016-03-28 Thread Andrew Morton

On Mon, 28 Mar 2016 14:14:22 -0700 Kees Cook wrote: > This LSM enforces that kernel-loaded files (modules, firmware, etc) > must all come from the same filesystem, with the expectation that > such a filesystem is backed by a read-only device such as dm-verity > or CDROM. This allows systems that

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

7 matches

Site Navigation

Mail list logo

Footer information