In order for LSMs and IMA-appraisal to differentiate between the
kexec_load and kexec_file_load_syscalls, an LSM call needs to be added
to the original kexec_load syscall. From a technical perspective there
is no need for defining a new LSM hook, as the existing
security_kernel_kexec_load() works
In order for LSMs and IMA-appraisal to differentiate between the
kexec_load and kexec_file_load_syscalls, an LSM call needs to be added
to the original kexec_load syscall. From a technical perspective there
is no need for defining a new LSM hook, as the existing
security_kernel_kexec_load() works
Mimi Zohar writes:
> On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
>> Casey Schaufler writes:
>>
>> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> >> Mimi Zohar writes:
>> >>
>> >>> On Wed,
Mimi Zohar writes:
> On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
>> Casey Schaufler writes:
>>
>> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> >> Mimi Zohar writes:
>> >>
>> >>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
> Casey Schaufler writes:
>
> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> >> Mimi Zohar writes:
> >>
> >>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi
On Thu, 2018-05-03 at 11:42 -0500, Eric W. Biederman wrote:
> Casey Schaufler writes:
>
> > On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> >> Mimi Zohar writes:
> >>
> >>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > Allow LSMs and IMA
Casey Schaufler writes:
> On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
Mimi Zohar writes:
> Allow LSMs and IMA to
Casey Schaufler writes:
> On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
Mimi Zohar writes:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by
On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>>> Mimi Zohar writes:
>>>
Allow LSMs and IMA to differentiate between the kexec_load and
On 5/3/2018 8:51 AM, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
>> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>>> Mimi Zohar writes:
>>>
Allow LSMs and IMA to differentiate between the kexec_load and
kexec_file_load syscalls by adding an "unnecessary" call to
Mimi Zohar writes:
> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>> > Allow LSMs and IMA to differentiate between the kexec_load and
>> > kexec_file_load syscalls by adding an "unnecessary" call to
>>
Mimi Zohar writes:
> On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
>> Mimi Zohar writes:
>>
>> > Allow LSMs and IMA to differentiate between the kexec_load and
>> > kexec_file_load syscalls by adding an "unnecessary" call to
>> > security_kernel_read_file() in kexec_load. This
On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > Allow LSMs and IMA to differentiate between the kexec_load and
> > kexec_file_load syscalls by adding an "unnecessary" call to
> > security_kernel_read_file() in kexec_load. This
On Wed, 2018-05-02 at 09:45 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > Allow LSMs and IMA to differentiate between the kexec_load and
> > kexec_file_load syscalls by adding an "unnecessary" call to
> > security_kernel_read_file() in kexec_load. This would be similar to the
> >
Mimi Zohar writes:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by adding an "unnecessary" call to
> security_kernel_read_file() in kexec_load. This would be similar to the
> existing init_module syscall calling
Mimi Zohar writes:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by adding an "unnecessary" call to
> security_kernel_read_file() in kexec_load. This would be similar to the
> existing init_module syscall calling security_kernel_read_file().
Given
Allow LSMs and IMA to differentiate between the kexec_load and
kexec_file_load syscalls by adding an "unnecessary" call to
security_kernel_read_file() in kexec_load. This would be similar to the
existing init_module syscall calling security_kernel_read_file().
Signed-off-by: Mimi Zohar
Allow LSMs and IMA to differentiate between the kexec_load and
kexec_file_load syscalls by adding an "unnecessary" call to
security_kernel_read_file() in kexec_load. This would be similar to the
existing init_module syscall calling security_kernel_read_file().
Signed-off-by: Mimi Zohar
---
18 matches
Mail list logo