In order for LSMs and IMA-appraisal to differentiate between the
kexec_load and kexec_file_load_syscalls, an LSM call needs to be added
to the original kexec_load syscall. From a technical perspective there
is no need for defining a new LSM hook, as the existing
security_kernel_kexec_load() works
Mimi Zohar writes:
> On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
>> Casey Schaufler writes:
>>
>> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> >> Mimi Zohar writes:
>> >>
>> >>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>> >>>
On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
> Casey Schaufler writes:
>
> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> >> Mimi Zohar writes:
> >>
> >>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > Allow LSMs and IMA to
Casey Schaufler writes:
> On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
Mimi Zohar writes:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by ad
On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>>> Mimi Zohar writes:
>>>
Allow LSMs and IMA to differentiate between the kexec_load and
kexec_file_load syscalls by adding an "unnecessary" call to
Mimi Zohar writes:
> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>> > Allow LSMs and IMA to differentiate between the kexec_load and
>> > kexec_file_load syscalls by adding an "unnecessary" call to
>> > security_kernel_read_file() in kexec_load. This wo
On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > Allow LSMs and IMA to differentiate between the kexec_load and
> > kexec_file_load syscalls by adding an "unnecessary" call to
> > security_kernel_read_file() in kexec_load. This would be similar to the
> > ex
Mimi Zohar writes:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by adding an "unnecessary" call to
> security_kernel_read_file() in kexec_load. This would be similar to the
> existing init_module syscall calling security_kernel_read_file().
Given t
Hi Eric,
I'd really appreciate your reviewing/ack'ing this patch.
thanks,
Mimi
On Thu, 2018-04-12 at 18:41 -0400, Mimi Zohar wrote:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by adding an "unnecessary" call to
> security_kernel_read_file() in kex
Allow LSMs and IMA to differentiate between the kexec_load and
kexec_file_load syscalls by adding an "unnecessary" call to
security_kernel_read_file() in kexec_load. This would be similar to the
existing init_module syscall calling security_kernel_read_file().
Signed-off-by: Mimi Zohar
---
kern
10 matches
Mail list logo