On Wed, 2013-02-13 at 15:36 +0200, Kasatkin, Dmitry wrote: > It should not be the only line in the policy. > Can you share full policy?
> On Wed, Feb 13, 2013 at 3:29 PM, Vivek Goyal <vgo...@redhat.com> wrote: > > > > appraise fowner=0 func=BPRM_CHECK appraise_type=imasig_optional Different use cases require different policies. Our concern is that appraising file integrity not be added to the kernel in an ad-hoc manner. This rule implements the intent of the original patches Vivek posted. We might personally disagree with the intent, but that is a totally separate discussion - one that should have been raised when he posted the original patches. thanks, Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/