On Fri, Nov 10, 2017 at 12:13 PM, Mimi Zohar wrote:
> On Fri, 2017-11-10 at 12:58 -0500, Mimi Zohar wrote:
>>
>> +
>> +static struct security_hook_list fw_lockdown_hooks[] = {
>> + LSM_HOOK_INIT(fw_lockdown_file_check, fw_lockdown_bprm_check)
>
> Sigh, that should
On Fri, Nov 10, 2017 at 12:13 PM, Mimi Zohar wrote:
> On Fri, 2017-11-10 at 12:58 -0500, Mimi Zohar wrote:
>>
>> +
>> +static struct security_hook_list fw_lockdown_hooks[] = {
>> + LSM_HOOK_INIT(fw_lockdown_file_check, fw_lockdown_bprm_check)
>
> Sigh, that should have be:
>
On Fri, 2017-11-10 at 12:58 -0500, Mimi Zohar wrote:
>
> +
> +static struct security_hook_list fw_lockdown_hooks[] = {
> + LSM_HOOK_INIT(fw_lockdown_file_check, fw_lockdown_bprm_check)
Sigh, that should have be:
LSM_HOOK_INIT(kernel_read_file, fw_lockdown_read_file)
> +};
On Fri, 2017-11-10 at 12:58 -0500, Mimi Zohar wrote:
>
> +
> +static struct security_hook_list fw_lockdown_hooks[] = {
> + LSM_HOOK_INIT(fw_lockdown_file_check, fw_lockdown_bprm_check)
Sigh, that should have be:
LSM_HOOK_INIT(kernel_read_file, fw_lockdown_read_file)
> +};
On Fri, 2017-11-10 at 20:35 +0100, Luis R. Rodriguez wrote:
> On Fri, Nov 10, 2017 at 12:58:23PM -0500, Mimi Zohar wrote:
> > Hi David,
> >
> > If you are interested in preventing the loading of unsigned firmware,
> > the patch below is straight forward. The patch has ONLY been tested
> > with
On Fri, 2017-11-10 at 20:35 +0100, Luis R. Rodriguez wrote:
> On Fri, Nov 10, 2017 at 12:58:23PM -0500, Mimi Zohar wrote:
> > Hi David,
> >
> > If you are interested in preventing the loading of unsigned firmware,
> > the patch below is straight forward. The patch has ONLY been tested
> > with
On Fri, Nov 10, 2017 at 12:58:23PM -0500, Mimi Zohar wrote:
> Hi David,
>
> If you are interested in preventing the loading of unsigned firmware,
> the patch below is straight forward. The patch has ONLY been tested
> with IMA-appraisal enabled, and works as intended - allowing only
> signed
On Fri, Nov 10, 2017 at 12:58:23PM -0500, Mimi Zohar wrote:
> Hi David,
>
> If you are interested in preventing the loading of unsigned firmware,
> the patch below is straight forward. The patch has ONLY been tested
> with IMA-appraisal enabled, and works as intended - allowing only
> signed
Hi David,
If you are interested in preventing the loading of unsigned firmware,
the patch below is straight forward. The patch has ONLY been tested
with IMA-appraisal enabled, and works as intended - allowing only
signed firmware to be loaded.
Mimi
---
If the kernel is locked down and
Hi David,
If you are interested in preventing the loading of unsigned firmware,
the patch below is straight forward. The patch has ONLY been tested
with IMA-appraisal enabled, and works as intended - allowing only
signed firmware to be loaded.
Mimi
---
If the kernel is locked down and
10 matches
Mail list logo