Re: [PATCH v2 11/11] docs: fix broken references with multiple hints

2018-05-09 Thread James Morris
Chehab <mchehab+sams...@kernel.org> Acked-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-02 Thread James Morris
actions_logged sysctl. > > Suggested-by: Steve Grubb <sgr...@redhat.com> > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Reviewed-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org>

Re: [PATCH v2 2/4] seccomp: Configurable separator for the actions_logged string

2018-05-02 Thread James Morris
eparator. This patch allows the separator character to be > configurable to meet both needs. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Reviewed-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org>

Re: [PATCH v2 1/4] seccomp: Separate read and write code for actions_logged sysctl

2018-05-02 Thread James Morris
itional code paths on whether or not the > 'write' parameter evaluates to true. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Reviewed-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org>

Re: [Linux-ima-devel] [PATCH, RESEND 08/12] ima: added parser for RPM data type

2017-08-02 Thread James Morris
o need to parse package file formats in the kernel. I'm not really clear on exactly how this patch series works. Can you provide a more concrete explanation of what steps would occur during boot and attestation? -- James Morris <jmor...@namei.org>

Re: [PATCH 06/17] doc: security: minor cleanups to build kernel-doc

2017-05-14 Thread James Morris
ges go in via the docs tree or mine? In any case: Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org>

Re: [PATCH 3/3] tpm: move documentation under Documentation/security

2016-11-04 Thread James Morris
the tpm > > > directory under Documentation/security. > > > > FWIW I like this. > > Thx. I just realized that I should have CC'd to linux-security-module > to get say from James as this makes path for the whole security tree. > > James, sorry about that. Can you sha

Re: [PATCH] doc: self-protection: provide initial details

2016-05-23 Thread James Morris
ther > +disable module loading entirely (e.g. monolithic kernel builds or > +modules_disabled sysctl), or provide signed modules (e.g. > +CONFIG_MODULE_SIG_FORCE, or dm-crypt with LoadPin), to keep from having > +oot load arbitrary kernel code via the module loader interface. Or utilize an a
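Review bot: the parenthetical after "provide signed modules" lists "dm-crypt with LoadPin" as an example of signing, but LoadPin restricts which filesystem modules may be loaded from rather than verifying a signature, and dm-crypt provides confidentiality, not integrity. Consider listing LoadPin as its own option next to module signing and naming a read-only, integrity-verified backing device such as dm-verity, which is what the LoadPin v5 cover letter quoted elsewhere on this page describes ("read-only crypto-verified dm-verity partition so that kernel module signing is not needed").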

Re: [PATCH] fs: fix over-zealous use of "const"

2016-04-27 Thread James Morris
pplied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: [PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions

2016-04-20 Thread James Morris
e and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. > Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>

Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

2016-03-08 Thread James Morris
On 03/08/2016 10:48 AM, James Morris wrote: On 03/08/2016 06:54 AM, Andy Lutomirski wrote: This makes sense, but I still think the design is poor. If the hacker gets code execution, then they can trivially brute force the ADI bits. ADI in this scenario is intended to prevent the attacker

Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

2016-03-07 Thread James Morris
On 03/08/2016 07:58 AM, David Miller wrote: From: Khalid Aziz Date: Mon, 7 Mar 2016 13:41:39 -0700 Shared data may not always be backed by a file. My understanding is one of the use cases is for in-memory databases. This shared space could also be used to hand off