Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Matthew Garrett wrote: > + /* Ban synthetic events from some sysrq functionality */ > + if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && > + op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) > + printk("This sysrq operation

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

On Wed, Mar 6, 2019 at 4:10 PM Randy Dunlap wrote: > > On 3/6/19 3:58 PM, Matthew Garrett wrote: > > From: Kyle McMartin > > > > Make an option to provide a sysrq key that will lift the kernel lockdown, > > thereby allowing the running kernel image to be accessed and modified. > > You still need

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

On 3/6/19 3:58 PM, Matthew Garrett wrote: > From: Kyle McMartin > > Make an option to provide a sysrq key that will lift the kernel lockdown, > thereby allowing the running kernel image to be accessed and modified. You still need to document this in Documentation/admin-guide/sysrq.rst, like I

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting LOCKDOWN_LIFT_KEY

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting LOCKDOWN_LIFT_KEY

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting LOCKDOWN_LIFT_KEY

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting LOCKDOWN_LIFT_KEY

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting LOCKDOWN_LIFT_KEY

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Thiago Jung Bauermann wrote: > On non-x86 platforms (tested on powerpc) this fails to build with: > > security/lock_down.c: In function ‘lockdown_lift_sysrq’: > security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use > in this function) >

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Thiago Jung Bauermann wrote: > On non-x86 platforms (tested on powerpc) this fails to build with: > > security/lock_down.c: In function ‘lockdown_lift_sysrq’: > security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use > in this function) >

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Hello David, David Howells writes: > +static struct sysrq_key_op lockdown_lift_sysrq_op = { > + .handler= sysrq_handle_lockdown_lift, > + .help_msg = "unSB(x)", > + .action_msg = "Disabling Secure Boot restrictions", > + .enable_mask=

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Hello David, David Howells writes: > +static struct sysrq_key_op lockdown_lift_sysrq_op = { > + .handler= sysrq_handle_lockdown_lift, > + .help_msg = "unSB(x)", > + .action_msg = "Disabling Secure Boot restrictions", > + .enable_mask=

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Randy Dunlap wrote: > > +config ALLOW_LOCKDOWN_LIFT > > + bool > > + help > > + Allow the lockdown on a kernel to be lifted, thereby restoring the > > + ability of userspace to access the kernel image (eg. by SysRq+x under > > how about:

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

Randy Dunlap wrote: > > +config ALLOW_LOCKDOWN_LIFT > > + bool > > + help > > + Allow the lockdown on a kernel to be lifted, thereby restoring the > > + ability of userspace to access the kernel image (eg. by SysRq+x under > > how about:

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

On 10/19/17 07:50, David Howells wrote: > From: Kyle McMartin > > Make an option to provide a sysrq key that will lift the kernel lockdown, > thereby allowing the running kernel image to be accessed and modified. > > On x86_64 this is triggered with SysRq+x, but this key may

Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

On 10/19/17 07:50, David Howells wrote: > From: Kyle McMartin > > Make an option to provide a sysrq key that will lift the kernel lockdown, > thereby allowing the running kernel image to be accessed and modified. > > On x86_64 this is triggered with SysRq+x, but this key may not be available >

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86_64 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by

[PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Kyle McMartin Make an option to provide a sysrq key that will lift the kernel lockdown, thereby allowing the running kernel image to be accessed and modified. On x86_64 this is triggered with SysRq+x, but this key may not be available on all arches, so it is set by setting