Re: [PATCH v3 19/22] ima: support for kexec image and initramfs

2016-02-11 Thread Dmitry Kasatkin
On Thu, Feb 11, 2016 at 4:08 AM, Mimi Zohar wrote:
> On Thu, 2016-02-11 at 01:55 +0200, Dmitry Kasatkin wrote:
>> On Feb 11, 2016 1:22 AM, "Mimi Zohar" wrote:
>> >
>> > On Wed, 2016-02-10 at 23:09 +0200, Dmitry Kasatkin wrote:
>> > > On Wed,

Re: [PATCH v3 14/22] security: define kernel_read_file hook

2016-02-11 Thread Mimi Zohar
On Thu, 2016-02-11 at 08:54 -0800, Casey Schaufler wrote:
> On 2/3/2016 11:06 AM, Mimi Zohar wrote:
> > The kernel_read_file security hook is called prior to reading the file
> > into memory.
> >
> > Signed-off-by: Mimi Zohar
>
> Acked-by: Casey Schaufler

Re: [PATCH v3 19/22] ima: support for kexec image and initramfs

2016-02-11 Thread Mimi Zohar
On Thu, 2016-02-11 at 10:47 +0200, Dmitry Kasatkin wrote:
> On Thu, Feb 11, 2016 at 4:08 AM, Mimi Zohar wrote:
> static int idmap[] = {
>     [READING_FIRMWARE] = FIRMWARE_CHECK,
>     [READING_MODULE] = MODULE_CHECK,
>     ...
> };

That works nicely,

Re: [PATCH] x86/efi: skip bgrt init for kexec reboot

2016-02-11 Thread Matt Fleming
On Fri, 05 Feb, at 08:41:15AM, Dave Young wrote:
> On 02/04/16 at 11:56am, Matt Fleming wrote:
> > On Thu, 04 Feb, at 07:09:03PM, Dave Young wrote:
> > >
> > > Consider the original code path, maybe change it to efi_kexec_setup will
> > > be better to remind people? Or something else like a

Re: [PATCH v3 14/22] security: define kernel_read_file hook

2016-02-11 Thread Casey Schaufler
On 2/3/2016 11:06 AM, Mimi Zohar wrote:
> The kernel_read_file security hook is called prior to reading the file
> into memory.
>
> Signed-off-by: Mimi Zohar

Acked-by: Casey Schaufler

Being able to deny the read prior to performing any real