Chehab <mchehab+sams...@kernel.org>
Acked-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
actions_logged sysctl.
>
> Suggested-by: Steve Grubb <sgr...@redhat.com>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
eparator. This patch allows the separator character to be
> configurable to meet both needs.
>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
itional code paths on whether or not the
> 'write' parameter evaluates to true.
>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
o
need to parse package file formats in the kernel.
I'm not really clear on exactly how this patch series works. Can you
provide a more concrete explanation of what steps would occur during boot
and attestation?
--
James Morris
<jmor...@namei.org>
ges go in via the docs tree or mine?
In any case:
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
the tpm
> > > directory under Documentation/security.
> >
> > FWIW I like this.
>
> Thx. I just realized that I should have CC'd to linux-security-module
> to get say from James as this makes path for the whole security tree.
>
> James, sorry about that. Can you sha
ther
> +disable module loading entirely (e.g. monolithic kernel builds or
> +modules_disabled sysctl), or provide signed modules (e.g.
> +CONFIG_MODULE_SIG_FORCE, or dm-crypt with LoadPin), to keep from having
> +oot load arbitrary kernel code via the module loader interface.
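Review bot: In the parenthetical on the "provide signed modules" line, "dm-crypt with LoadPin" is listed as a way to provide signed modules, but LoadPin does not sign anything; it restricts module loading to one trusted filesystem, and dm-crypt provides encryption rather than verified read-only contents. Suggest splitting it out as its own alternative next to module signing and naming an integrity-verified, read-only backing device such as dm-verity instead of dm-crypt.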
Or utilize an a
pplied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
e and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<jmor...@namei.org>
On 03/08/2016 10:48 AM, James Morris wrote:
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker
On 03/08/2016 07:58 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 13:41:39 -0700
Shared data may not always be backed by a file. My understanding is
one of the use cases is for in-memory databases. This shared space
could also be used to hand off