On Apr 16, 2014, at 8:06 PM, Kayse, Josh <[email protected]<mailto:[email protected]>> wrote:
On Apr 16, 2014, at 7:59 PM, Shawn Wells <[email protected]<mailto:[email protected]>> wrote: On 4/16/14, 5:44 AM, Jan Lieskovsky wrote: Patch summary: * check for 'nousb' argument on kernel command line in /etc/grub.conf within the bootloader_nousb_argument check in a case-insensitive way * update comments where appropriate * add test attestation timestamp * replace path + filename ind construct with filepath one Testing report: * Tested on RHEL-6. Works fine. I wasn't sure if nousb was case insensitive, so I checked https://www.kernel.org/doc/Documentation/kernel-parameters.txt And found this: Note that ALL kernel parameters listed below are CASE SENSITIVE, and that a trailing = on the name of any parameter states that that parameter will be entered as an environment variable, whereas its absence indicates that it will appear as a kernel argument readable via /proc/cmdline by programs running once the system is up. "nousb" was in the list as case sensitive. Applied your patch (RHEL 6.5), added "nOuSB," and things seem to check out. Should we follow the kernel docs (which say case sensitive), or allow insensitivity since it actually works? _______________________________________________ scap-security-guide mailing list [email protected]<mailto:[email protected]> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide I’d like to point out that the selinux parameter is also within that list. I vote we should follow what actually works and assume the kernel docs are out of date. -josh _______________________________________________ scap-security-guide mailing list [email protected]<mailto:[email protected]> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide Also, according to https://github.com/torvalds/linux/blame/master/Documentation/kernel-parameters.txt that line was last changed 2005. Perhaps someone should brave lkml and submit a patch. -josh
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
