On Mon, Jan 07, 2013 at 11:39:47AM +1030, Rusty Russell wrote:
> Josh Boyer writes:
> > With module signing enabled but not in enforcing mode, we don't consider
> > unsigned modules to be an error. However, we only mark sig_ok as true if
> > a signature verified. This causes the module to be
On Mon, Jan 07, 2013 at 11:39:47AM +1030, Rusty Russell wrote:
Josh Boyer jwbo...@redhat.com writes:
With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error. However, we only mark sig_ok as true if
a signature verified. This causes the
Josh Boyer writes:
> With module signing enabled but not in enforcing mode, we don't consider
> unsigned modules to be an error. However, we only mark sig_ok as true if
> a signature verified. This causes the module to be tainted with the
> TAINT_FORCED_MODULE flag.
Wait, what? So, what does
Josh Boyer jwbo...@redhat.com writes:
With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error. However, we only mark sig_ok as true if
a signature verified. This causes the module to be tainted with the
TAINT_FORCED_MODULE flag.
Wait, what?
With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error. However, we only mark sig_ok as true if
a signature verified. This causes the module to be tainted with the
TAINT_FORCED_MODULE flag. That in turn taints the kernel, which also
disables
With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error. However, we only mark sig_ok as true if
a signature verified. This causes the module to be tainted with the
TAINT_FORCED_MODULE flag. That in turn taints the kernel, which also
disables
6 matches
Mail list logo
