On Wed, Jun 06, 2018 at 08:17:26PM +0200, Hans de Goede wrote: > But yes this means that these probably won't go in for another > cycle or 2, that is fine. > > > > -Add new READING_FIRMWARE_EFI_EMBEDDED read_file_id and use it > > > -Call security_kernel_read_file(NULL, READING_FIRMWARE_EFI_EMBEDDED) > > > to check if this is allowed before looking at EFI embedded fw > > > > There's a discussion over having security_kernel_read_file(NULL, > > READING_WHATEVER) become another LSM hook. So your series would conflict > > with > > that at the moment. > > > > So yet another piece of code which this series depends on. > > Ah well, I'm in no big hurry to get this merged. OTOH if this is > ready and that discussion is not yet finished it might be better > to merge this as is and then have the security_kernel_read_file / LSM > hook series fix this up as necessary when it is merged.
True, there is also value in getting this series reviewed so that all that is needed is to consider merging it, so if you address the new call as I requested in a next series I'll review the series then. Luis -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
