On 8/4/20 8:29 AM, Stephen Smalley wrote:
Perhaps vmalloc would be better than using kmalloc? If there are
better options for such large buffer allocation, please let me know.
kvmalloc() can be used to select whichever one is most appropriate.
Other option would be for ima to compute and
On 8/4/20 11:20 AM, Stephen Smalley wrote:
On 8/3/20 6:08 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715]
On 8/3/20 6:08 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715] hardirqs last disabled at (23486084):
[]
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715] hardirqs last disabled at (23486084):
[] _raw_spin_lock_irqsave+0x23/0x90
[ 68.870715] softirqs last
On 8/3/20 4:37 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 1:29 PM, Stephen Smalley wrote:
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with these
On 8/3/20 1:29 PM, Stephen Smalley wrote:
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with these patches applied on top of
next-integrity, and the
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with these patches applied on top of
next-integrity, and the following lines added to /etc/ima/ima-policy:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/3/20 8:11 AM, Stephen Smalley wrote:
> >
> > Possibly I'm missing something but with these patches applied on top of
> > next-integrity, and the following lines added to /etc/ima/ima-policy:
> >
> > measure func=LSM_STATE
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with these patches applied on top of
next-integrity, and the following lines added to /etc/ima/ima-policy:
measure func=LSM_STATE template=ima-buf
measure func=LSM_POLICY
I still don't get the selinux-state or
On 7/29/20 11:47 PM, Lakshmi Ramasubramanian wrote:
SELinux configuration and policy are some of the critical data for this
security module that needs to be measured. This measurement can be used
by an attestation service, for instance, to verify if the configuration
and policies have been
SELinux configuration and policy are some of the critical data for this
security module that needs to be measured. This measurement can be used
by an attestation service, for instance, to verify if the configuration
and policies have been setup correctly and that they haven't been tampered
with at
11 matches
Mail list logo