Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Petko Manolov
On 15-10-16 22:31:31, Petko Manolov wrote: > When in development it is useful to read back the IMA policy. This patch > provides the functionality. However, this is a potential security hole so > it should not be used in production-grade kernels. > > Signed-off-by: Petko Manolov

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Mimi Zohar
On Tue, 2015-10-20 at 10:26 +0300, Petko Manolov wrote: > On 15-10-19 14:21:42, Mimi Zohar wrote: > > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > > > When in development it is useful to read back the IMA policy. This patch > > > provides the functionality. However, this is a

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Petko Manolov
On 15-10-19 14:21:42, Mimi Zohar wrote: > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > > When in development it is useful to read back the IMA policy. This patch > > provides the functionality. However, this is a potential security hole so > > it should not be used in

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Mimi Zohar
On Tue, 2015-10-20 at 15:10 +0300, Petko Manolov wrote: > On 15-10-20 08:00:29, Mimi Zohar wrote: > > On Tue, 2015-10-20 at 10:26 +0300, Petko Manolov wrote: > > > On 15-10-19 14:21:42, Mimi Zohar wrote: > > > > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > > > > > When in development

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Petko Manolov
On 15-10-20 09:03:19, Mimi Zohar wrote: > On Tue, 2015-10-20 at 15:10 +0300, Petko Manolov wrote: > > > > By "security hole" I mean being able to read it at all. Root or non-root. > > Knowing what the IMA policy is may give the attacker an idea how to > > circumvent it. I used stronger words

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-19 Thread Mimi Zohar
On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > When in development it is useful to read back the IMA policy. This patch > provides the functionality. However, this is a potential security hole so > it should not be used in production-grade kernels. Like the other IMA securityfs