Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-21 Thread Greg Kroah-Hartman
On Mon, Jul 14, 2014 at 02:38:14PM -0700, Kees Cook wrote: > This attaches LSM hooks to the existing firmware loading interfaces: > filesystem-found firmware and demand-loaded blobs. > > Signed-off-by: Kees Cook > --- Acked-by: Greg Kroah-Hartman -- To unsubscribe from this list: send the line

Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-20 Thread Mimi Zohar
On Mon, 2014-07-21 at 09:43 +1000, James Morris wrote: > On Sat, 19 Jul 2014, Kees Cook wrote: > > [...] > > > With the patch series, the LSM hook sees the userspace-touching loads: > > - from kernel built-in: no LSM hook (nonsense to check the static list) > > - direct from filesystem: called w

Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-20 Thread James Morris
On Sat, 19 Jul 2014, Kees Cook wrote: [...] > With the patch series, the LSM hook sees the userspace-touching loads: > - from kernel built-in: no LSM hook (nonsense to check the static list) > - direct from filesystem: called with file struct > - via uevent /sys "loading"/"data" interface: called

Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-19 Thread Kees Cook
On Sat, Jul 19, 2014 at 12:22 AM, James Morris wrote: > On Fri, 18 Jul 2014, Kees Cook wrote: > >> On Thu, Jul 17, 2014 at 8:41 PM, James Morris wrote: >> > On Mon, 14 Jul 2014, Kees Cook wrote: >> > >> >> This attaches LSM hooks to the existing firmware loading interfaces: >> >> filesystem-found

Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-19 Thread James Morris
On Fri, 18 Jul 2014, Kees Cook wrote: > On Thu, Jul 17, 2014 at 8:41 PM, James Morris wrote: > > On Mon, 14 Jul 2014, Kees Cook wrote: > > > >> This attaches LSM hooks to the existing firmware loading interfaces: > >> filesystem-found firmware and demand-loaded blobs. > > > >> static int fw_get_

Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-18 Thread Kees Cook
On Thu, Jul 17, 2014 at 8:41 PM, James Morris wrote: > On Mon, 14 Jul 2014, Kees Cook wrote: > >> This attaches LSM hooks to the existing firmware loading interfaces: >> filesystem-found firmware and demand-loaded blobs. > >> static int fw_get_filesystem_firmware(struct device *device, >> @@ -640

Re: [PATCH 4/7] firmware_class: perform new LSM checks

2014-07-17 Thread James Morris
On Mon, 14 Jul 2014, Kees Cook wrote: > This attaches LSM hooks to the existing firmware loading interfaces: > filesystem-found firmware and demand-loaded blobs. > static int fw_get_filesystem_firmware(struct device *device, > @@ -640,6 +646,12 @@ static ssize_t firmware_loading_store(struct dev

[PATCH 4/7] firmware_class: perform new LSM checks

2014-07-14 Thread Kees Cook
This attaches LSM hooks to the existing firmware loading interfaces: filesystem-found firmware and demand-loaded blobs. Signed-off-by: Kees Cook --- drivers/base/firmware_class.c | 16 ++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/base/firmware_class.c