Re: [IMA] 2.6.30-rc8 : Bug while trying to launch a KVM guest

From: Sachin Sant
Date: Sat Jun 06 2009 - 16:13:28 EST


Mimi Zohar wrote:
> This bug has been addressed in linux-next. Please refer to:
>
> f06dd16a03f6f7f72fab4db03be36e28c28c6fd6 : IMA: Handle dentry_open failures
> 1a62e958fa4aaeeb752311b4f5e16b2a86737b23 : IMA: open all files O_LARGEFILE
> 04288f42033607099cebf5ca15ce8dcec3a9688b : integrity: ima audit dentry_open failure
>
> The default policy in 2.6.30 measures all files open for read by root.
> (So starting the VM as root will cause it to be read.) This linux-next
> patch changes the default behavior so that nothing is measured.
>
> 5789ba3bd0a3cd20df5980ebf03358f2eb44fd67 : IMA: Minimal IMA policy and boot param for TCB IMA policy

I am able to boot the kvm guest after applying the following two patches.

commit f06dd16a03f6f7f72fab4db03be36e28c28c6fd6
commit 1a62e958fa4aaeeb752311b4f5e16b2a86737b23

Thanks Mimi for the help.

Regards
-Sachin

--

---------------------------------
Sachin Sant
IBM Linux Technology Center
India Systems and Technology Labs
Bangalore, India
---------------------------------
