Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL

[Matthew Garrett]

On Wed, 2013-03-20 at 12:41 -0400, Mimi Zohar wrote:

> Matthrew, perhaps you could clarify whether this will be tied to MAC
> security.  Based on the kexec thread, I'm under the impression that is
> not the intention, or at least not for kexec.  As root isn't trusted,
> neither is the boot command line, nor any policy that is loaded by root,
> including those for MAC.

The work done on signed initramfs fragments would seem to be the best
option here so far?

-- 
Matthew Garrett | mj...@srcf.ucam.org
N�����r��y����b�X��ǧv�^�)޺{.n�+����{�y����^n�r���z���h�����&���G���h�(�階�ݢj"���m������z�ޖ���f���h���~�m�