On Thu, Feb 11, 2016 at 4:08 AM, Mimi Zohar wrote:
> On Thu, 2016-02-11 at 01:55 +0200, Dmitry Kasatkin wrote:
>> On Feb 11, 2016 1:22 AM, "Mimi Zohar" wrote:
>> >
>> > On Wed, 2016-02-10 at 23:09 +0200, Dmitry Kasatkin wrote:
>> > > On Wed,
On Thu, 2016-02-11 at 08:54 -0800, Casey Schaufler wrote:
> On 2/3/2016 11:06 AM, Mimi Zohar wrote:
> > The kernel_read_file security hook is called prior to reading the file
> > into memory.
> >
> > Signed-off-by: Mimi Zohar
>
> Acked-by: Casey Schaufler
On Thu, 2016-02-11 at 10:47 +0200, Dmitry Kasatkin wrote:
> On Thu, Feb 11, 2016 at 4:08 AM, Mimi Zohar wrote:
> static int idmap[] = {
> [READING_FIRMWARE] = FIRMWARE_CHECK,
> [READING_MODULE] = MODULE_CHECK,
> ...
> };
That works nicely,
On Fri, 05 Feb, at 08:41:15AM, Dave Young wrote:
> On 02/04/16 at 11:56am, Matt Fleming wrote:
> > On Thu, 04 Feb, at 07:09:03PM, Dave Young wrote:
> > >
> > > Consider the original code path, maybe change it to efi_kexec_setup will
> > > be better to remind people? Or something else like a
On 2/3/2016 11:06 AM, Mimi Zohar wrote:
> The kernel_read_file security hook is called prior to reading the file
> into memory.
>
> Signed-off-by: Mimi Zohar
Acked-by: Casey Schaufler
Being able to deny the read prior to performing any
real