Mimi Zohar writes:
> In environments that require the kexec kernel image to be signed, prevent
> using the kexec_load syscall. In order for LSMs and IMA to differentiate
> between kexec_load and kexec_file_load syscalls, this patch set adds a
> call to
On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
> Casey Schaufler writes:
>
> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> >> Mimi Zohar writes:
> >>
> >>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi
On Thu, May 3, 2018 at 1:13 PM Eric W. Biederman
wrote:
> Mimi Zohar writes:
> > In environments that require the kexec kernel image to be signed,
prevent
> > using the kexec_load syscall. In order for LSMs and IMA to
differentiate
> > between
Casey Schaufler writes:
> On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
Mimi Zohar writes:
> Allow LSMs and IMA to
On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>>> Mimi Zohar writes:
>>>
Allow LSMs and IMA to differentiate between the kexec_load and
Mimi Zohar writes:
> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>> > Allow LSMs and IMA to differentiate between the kexec_load and
>> > kexec_file_load syscalls by adding an "unnecessary" call to
>>
Mimi Zohar writes:
> On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
>> Casey Schaufler writes:
>>
>> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> >> Mimi Zohar writes:
>> >>
>> >>> On Wed,
On Thu, 2018-05-03 at 16:38 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > [Cc'ing Kees and kernel-hardening]
> >
> > On Thu, 2018-05-03 at 15:13 -0500, Eric W. Biederman wrote:
> >> Mimi Zohar writes:
> >>
> >> > In environments
[Cc'ing Kees and kernel-hardening]
On Thu, 2018-05-03 at 15:13 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > In environments that require the kexec kernel image to be signed, prevent
> > using the kexec_load syscall. In order for LSMs and IMA to
Mimi Zohar writes:
> [Cc'ing Kees and kernel-hardening]
>
> On Thu, 2018-05-03 at 15:13 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>> > In environments that require the kexec kernel image to be signed, prevent
>> > using the
Mimi Zohar writes:
> On Thu, 2018-05-03 at 16:38 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>> > [Cc'ing Kees and kernel-hardening]
>> >
>> > On Thu, 2018-05-03 at 15:13 -0500, Eric W. Biederman wrote:
>> >> Mimi Zohar
Matthew Garrett writes:
> On Thu, May 3, 2018 at 1:13 PM Eric W. Biederman
> wrote:
>
>> Mimi Zohar writes:
>
>> > In environments that require the kexec kernel image to be signed,
> prevent
>> > using the kexec_load syscall.
On Thu, May 3, 2018 at 2:59 PM Eric W. Biederman
wrote:
> Matthew Garrett writes:
> > kexec_load gives root arbitrary power to modify the running kernel
image,
> > including the ability to disable enforcement of module signatures.
> No. It does
On Thu, 2018-05-03 at 18:03 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > On Thu, 2018-05-03 at 16:38 -0500, Eric W. Biederman wrote:
> >> Mimi Zohar writes:
> >>
> >> > [Cc'ing Kees and kernel-hardening]
> >> >
> >> > On Thu,
14 matches
Mail list logo