Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

From: David Howells
Date: Mon Oct 30 2017 - 13:00:40 EST

Next message: Marco Franchi: "[PATCH] Input: egalax-ts: Remove leading zero from 'egalax-ts@04' notation"
Previous message: Russell King - ARM Linux: "Re: [PATCH] ARM: add a private asm/unaligned.h"
In reply to: Mimi Zohar: "Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down"
Next in thread: Mimi Zohar: "Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> This kernel_is_locked_down() check is being called for both the
> original and new module_load syscalls. ÂWe need to be able
> differentiate them. ÂThis is fine for the original syscall, but for
> the new syscall we would need an additional IMA check -
> !is_ima_appraise_enabled().

IMA can only be used with finit_module()?

David

Next message: Marco Franchi: "[PATCH] Input: egalax-ts: Remove leading zero from 'egalax-ts@04' notation"
Previous message: Russell King - ARM Linux: "Re: [PATCH] ARM: add a private asm/unaligned.h"
In reply to: Mimi Zohar: "Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down"
Next in thread: Mimi Zohar: "Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]