Re: Kernel panic at Ubuntu: IMA + Apparmor

From: Dmitry Kasatkin
Date: Sat Apr 26 2014 - 04:58:57 EST

Next message: Borislav Petkov: "Re: [PATCH v2 2/5] x86/PCI: Support additional MMIO range capabilities"
Previous message: Fabian Frederick: "[PATCH V2] fs/jfs/super.c: remove 0 assignment on static + code clean-up"
In reply to: Eric W. Biederman: "Re: Kernel panic at Ubuntu: IMA + Apparmor"
Next in thread: Al Viro: "Re: Kernel panic at Ubuntu: IMA + Apparmor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26 April 2014 01:38, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
> Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx> writes:
>
>> Is it really a show stopper to switch order of 2 functions as quick fix?
>> It was like that before 3.10 and seemed ok...
>
> When that is the question. The answer is yes it is a show stopper.
>
> A quick fix to bury a fundamental design flaw because the code
> previously seemed ok. That seems fundamentally wrong.
>
> Having IMA conflict with Apparmor in Kconfig would be a sensible quick
> fix.
>
> Eric

Conflict with Apparmor means with Ubuntu.

But answering to your early question..
IMA does not want permission denied when measuring and re-measuring files.
may_open() is doing that job before.

We need quickly introduce kernel_read without LSM checks...

--
Thanks,
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Borislav Petkov: "Re: [PATCH v2 2/5] x86/PCI: Support additional MMIO range capabilities"
Previous message: Fabian Frederick: "[PATCH V2] fs/jfs/super.c: remove 0 assignment on static + code clean-up"
In reply to: Eric W. Biederman: "Re: Kernel panic at Ubuntu: IMA + Apparmor"
Next in thread: Al Viro: "Re: Kernel panic at Ubuntu: IMA + Apparmor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]