Re: [PATCH 2/2] ima: check signature enforcement against cmdline param instead of CONFIG

2017-10-23 Thread Mimi Zohar
On Fri, 2017-10-20 at 17:19 -0200, Bruno E. O. Meneguele wrote:
> When the user requests MODULE_CHECK policy and its kernel is compiled
> with CONFIG_MODULE_SIG_FORCE not set, all modules would not load, just
> those loaded in initram time. One option the user would have would be
> set a kernel

[PATCH 2/2] ima: check signature enforcement against cmdline param instead of CONFIG

2017-10-20 Thread Bruno E. O. Meneguele
When the user requests MODULE_CHECK policy and its kernel is compiled with CONFIG_MODULE_SIG_FORCE not set, all modules would not load, just those loaded in initram time. One option the user would have would be set a kernel cmdline param (module.sig_enforce) to true, but the IMA module check code
