Re: [PATCH v3 00/10] Add CA enforcement keyring restrictions

From: Mimi Zohar
Date: Fri Dec 23 2022 - 14:45:52 EST

Next message: Deepak R Varma: "[PATCH] scsi: myrb: Use sysfs_emit in show function callsbacks"
Previous message: H. Peter Anvin: "Re: [RFC PATCH 23/32] x86/fred: update MSR_IA32_FRED_RSP0 during task switch"
In reply to: Eric Snowberg: "Re: [PATCH v3 00/10] Add CA enforcement keyring restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2022-12-23 at 18:17 +0000, Eric Snowberg wrote:
> >> Fair enough. If this will be viewed as justification for adding the additional
> >> code, I can work on adding it. Above you mentioned a warning would be needed
> >> at a minimum and a restriction could be placed behind a Kconfig. How about for
> >> the default case I add the warning and when compiling with
> >> INTEGRITY_CA_MACHINE_KEYRING the restriction will be enforced.
> >
> > Sounds good to me. To avoid misunderstandings, will there be a Kconfig
> > menu with 3 options?
>
> I will add the three options in the next round.
>
> > There were a couple of other comments having to
> > do with variable names. Will you address them as well?
>
> And take care of the variable name changes. I won’t get back to this until January.

Enjoy your vacation and the holidays. Looking forward to the next
version.

--
thanks,

Mimi

Next message: Deepak R Varma: "[PATCH] scsi: myrb: Use sysfs_emit in show function callsbacks"
Previous message: H. Peter Anvin: "Re: [RFC PATCH 23/32] x86/fred: update MSR_IA32_FRED_RSP0 during task switch"
In reply to: Eric Snowberg: "Re: [PATCH v3 00/10] Add CA enforcement keyring restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]