Fixed some coding style issues.
Signed-off-by: Bruno E O Meneguele bmenegu...@gmail.com
---
drivers/char/tpm/tpm.h | 10 +-
drivers/char/tpm/tpm_i2c_stm_st33.c | 10 ++
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/char/tpm/tpm.h b/drivers
Trivial typo correction on kernel/sched/topology.c pr_err() message.
Signed-off-by: Bruno E. O. Meneguele <bmenegu...@gmail.com>
---
kernel/sched/topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c
index bd8b6d
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele <bmenegu...@gmail.com>
---
security/integrity/ima/ima_main.c | 6 +++
On 04-12, Bruno E. O. Meneguele wrote:
> Simple but useful message log to the user in case of module appraise is
> forced and fails due to the lack of file descriptor, that might be
> caused by kmod calls to compressed modules.
>
> Signed-off-by: Bruno E. O. Meneguele <bm
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele <brdeo...@redhat.com>
---
security/integrity/ima/ima_main.c | 6 +++
On 04-12, Joe Perches wrote:
> On Mon, 2017-12-04 at 18:23 -0200, Bruno E. O. Meneguele wrote:
> > Simple but useful message log to the user in case of module appraise is
> > forced and fails due to the lack of file descriptor, that might be
> > caused by kmod calls
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele <brdeo...@redhat.com>
---
security/integrity/ima/ima_main.c | 6 +++
From: "Bruno E. O. Meneguele" <bmenegu...@gmail.com>
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele <
Ignore this erroneously sent email.
v2 was already superseded by v3.
On 05-12, Bruno E. O. Meneguele wrote:
> Simple but useful message log to the user in case of module appraise is
> forced and fails due to the lack of file descriptor, that might be
> caused by kmod calls to compresse
On 24-10, Mimi Zohar wrote:
> On Tue, 2017-10-24 at 15:37 -0200, Bruno E. O. Meneguele wrote:
> > When the user requests MODULE_CHECK policy and its kernel is compiled
> > with CONFIG_MODULE_SIG_FORCE not set, all modules would not load, just
> > those loaded in initram time
On 25-10, Mimi Zohar wrote:
> On Wed, 2017-10-25 at 13:05 -0200, Bruno E. O. Meneguele wrote:
> > On 24-10, Mimi Zohar wrote:
> > > On Tue, 2017-10-24 at 15:37 -0200, Bruno E. O. Meneguele wrote:
> > > > When the user requests MODULE_CHECK pol
value of
module signature enforcement, being it from CONFIG value or cmdline
param.
Signed-off-by: Bruno E. O. Meneguele <brdeo...@redhat.com>
---
include/linux/module.h | 7 +++
kernel/module.c| 10 ++
2 files changed, 17 insertions(+)
diff --git a/include/linux/modu
doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.
This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).
Signed-off-by: Bruno E. O. Meneguele <br
e changes to correct checkpatch.pl warnings.
Bruno E. O. Meneguele (2):
module: export module signature enforcement status
ima: check signature enforcement against cmdline param instead of
CONFIG
include/linux/module.h| 7 +++
kernel/module.c | 10
10, 386646, "") = 0
The patchset was tested in two different kernels: 4.13.6 (Fedora 27) and
4.14.0-rc4 (integrity-next tree)
Bruno E. O. Meneguele (2):
module: export module signature enforcement status
ima: check signature enforcement against cmdline param instead of
CONFIG
in
value of
module signature enforcement, being it from CONFIG value or cmdline
param.
Signed-off-by: Bruno E. O. Meneguele <brdeo...@redhat.com>
---
include/linux/module.h | 2 ++
kernel/module.c| 8
2 files changed, 10 insertions(+)
diff --git a/include/linux/module.h b/i
doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.
This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).
Signed-off-by: Bruno E. O. Meneguele <br
10, 386646, "") = 0
The patchset was tested in two different kernels: 4.13.6 (Fedora 27) and
4.14.0-rc4 (integrity-next tree)
Bruno E. O. Meneguele (2):
module: export module signature enforcement status
ima: check signature enforcement against cmdline param instead of
CONFIG
in
doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.
This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).
Signed-off-by: Bruno E. O. Meneguele <br
value of
module signature enforcement, being it from CONFIG value or cmdline
param.
Signed-off-by: Bruno E. O. Meneguele <brdeo...@redhat.com>
---
include/linux/module.h | 2 ++
kernel/module.c| 10 ++
2 files changed, 12 insertions(+)
diff --git a/include/linux/module.h b/i
On 23-10, Mimi Zohar wrote:
> On Fri, 2017-10-20 at 17:19 -0200, Bruno E. O. Meneguele wrote:
> > A static variable sig_enforce is used as status var to indicate the real
> > value of CONFIG_MODULE_SIG_FORCE, once this one is set the var will hold
> > true, but if the CONFIG
return 0;
> }
>
> - if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */
> + /*
> + * If both IMA-appraisal and appended signature verification are
> + * enabled, rely on the appended signature verification.
> + */
> + if (sig_e
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele
---
security/integrity/ima/ima_main.c | 6 +-
1 file changed, 5
On 04-12, Bruno E. O. Meneguele wrote:
> Simple but useful message log to the user in case of module appraise is
> forced and fails due to the lack of file descriptor, that might be
> caused by kmod calls to compressed modules.
>
> Signed-off-by: Bruno E. O. Meneguele
> ---
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele
---
security/integrity/ima/ima_main.c | 6 +-
1 file changed, 5
On 04-12, Joe Perches wrote:
> On Mon, 2017-12-04 at 18:23 -0200, Bruno E. O. Meneguele wrote:
> > Simple but useful message log to the user in case of module appraise is
> > forced and fails due to the lack of file descriptor, that might be
> > caused by kmod calls
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele
---
security/integrity/ima/ima_main.c | 6 +-
1 file changed, 5
From: "Bruno E. O. Meneguele"
Simple but useful message log to the user in case of module appraise is
forced and fails due to the lack of file descriptor, that might be
caused by kmod calls to compressed modules.
Signed-off-by: Bruno E. O. Meneguele
---
security/integrity/ima/ima_
Ignore this erroneously sent email.
v2 was already superseded by v3.
On 05-12, Bruno E. O. Meneguele wrote:
> Simple but useful message log to the user in case of module appraise is
> forced and fails due to the lack of file descriptor, that might be
> caused by kmod calls to compresse
Trivial typo correction on kernel/sched/topology.c pr_err() message.
Signed-off-by: Bruno E. O. Meneguele
---
kernel/sched/topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c
index bd8b6d6f5387..f87de3259b95 100644
- if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */
> + /*
> + * If both IMA-appraisal and appended signature verification are
> + * enabled, rely on the appended signature verification.
> + */
> + if (sig_enforce && read_id == READING_MODULE)
> return 0;
>
> /* permit signed certs */
> --
> 2.7.5
>
I agree with the solution.
Acked-by: Bruno E. O. Meneguele
signature.asc
Description: PGP signature
doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.
This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).
Signed-off-by: Bruno E. O. Meneguele
10, 386646, "") = 0
The patchset was tested in two different kernels: 4.13.6 (Fedora 27) and
4.14.0-rc4 (integrity-next tree)
Bruno E. O. Meneguele (2):
module: export module signature enforcement status
ima: check signature enforcement against cmdline param instead of
CONFIG
in
value of
module signature enforcement, being it from CONFIG value or cmdline
param.
Signed-off-by: Bruno E. O. Meneguele
---
include/linux/module.h | 2 ++
kernel/module.c| 8
2 files changed, 10 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index
On 23-10, Mimi Zohar wrote:
> On Fri, 2017-10-20 at 17:19 -0200, Bruno E. O. Meneguele wrote:
> > A static variable sig_enforce is used as status var to indicate the real
> > value of CONFIG_MODULE_SIG_FORCE, once this one is set the var will hold
> > true, but if the CONFIG
10, 386646, "") = 0
The patchset was tested in two different kernels: 4.13.6 (Fedora 27) and
4.14.0-rc4 (integrity-next tree)
Bruno E. O. Meneguele (2):
module: export module signature enforcement status
ima: check signature enforcement against cmdline param instead of
CONFIG
in
doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.
This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).
Signed-off-by: Bruno E. O. Meneguele
value of
module signature enforcement, being it from CONFIG value or cmdline
param.
Signed-off-by: Bruno E. O. Meneguele
---
include/linux/module.h | 2 ++
kernel/module.c| 10 ++
2 files changed, 12 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index
value of
module signature enforcement, being it from CONFIG value or cmdline
param.
Signed-off-by: Bruno E. O. Meneguele
---
include/linux/module.h | 7 +++
kernel/module.c| 10 ++
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.
This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).
Signed-off-by: Bruno E. O. Meneguele
e changes to correct checkpatch.pl warnings.
Bruno E. O. Meneguele (2):
module: export module signature enforcement status
ima: check signature enforcement against cmdline param instead of
CONFIG
include/linux/module.h| 7 +++
kernel/module.c | 10
On 24-10, Mimi Zohar wrote:
> On Tue, 2017-10-24 at 15:37 -0200, Bruno E. O. Meneguele wrote:
> > When the user requests MODULE_CHECK policy and its kernel is compiled
> > with CONFIG_MODULE_SIG_FORCE not set, all modules would not load, just
> > those loaded in initram time
On 25-10, Mimi Zohar wrote:
> On Wed, 2017-10-25 at 13:05 -0200, Bruno E. O. Meneguele wrote:
> > On 24-10, Mimi Zohar wrote:
> > > On Tue, 2017-10-24 at 15:37 -0200, Bruno E. O. Meneguele wrote:
> > > > When the user requests MODULE_CHECK pol
Fixed some coding style issues.
Signed-off-by: Bruno E O Meneguele
---
drivers/char/tpm/tpm.h | 10 +-
drivers/char/tpm/tpm_i2c_stm_st33.c | 10 ++
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index
44 matches
Mail list logo