On Mon, 2019-03-11 at 17:42 -0700, Matthew Garrett wrote:
> On Wed, Mar 6, 2019 at 8:24 PM Matthew Garrett wrote:
> >
> > On Wed, Mar 6, 2019 at 7:56 PM Mimi Zohar wrote:
> > > The kexec and kernel modules patches in this patch set continues to
> > > ignore IMA. This patch set should up front ei
On Wed, Mar 6, 2019 at 8:24 PM Matthew Garrett wrote:
>
> On Wed, Mar 6, 2019 at 7:56 PM Mimi Zohar wrote:
> > The kexec and kernel modules patches in this patch set continues to
> > ignore IMA. This patch set should up front either provide an
> > alternative solution to coordinate the different
On Wed, Mar 6, 2019 at 7:56 PM Mimi Zohar wrote:
> The kexec and kernel modules patches in this patch set continues to
> ignore IMA. This patch set should up front either provide an
> alternative solution to coordinate the different signature
> verification methods or rely on the architecture spe
On Wed, 2019-03-06 at 15:58 -0800, Matthew Garrett wrote:
> 3) The integration with IMA has been dropped for now. IMA is in the
> process of adding support for architecture-specific policies that will
> interact correctly with the lockdown feature, and a followup patch will
> integrate that so we
Hi James,
This patchset introduces an optional kernel lockdown feature,
intended to strengthen the boundary between UID 0 and the kernel. When
enabled and active (by enabling the config option and passing the
"lockdown" option on the kernel command line), various pieces of
kernel functionality are
5 matches
Mail list logo