Re: [PATCH 21/21] MODSIGN: Apply signature checking to modules on module load [ver #3]

From: Rusty Russell
Date: Thu Dec 15 2011 - 22:57:39 EST


On Thu, 15 Dec 2011 00:14:31 +0000, David Howells <dhowells@xxxxxxxxxx> wrote:
> Rusty Russell <rusty@xxxxxxxxxx> wrote:
>
> > > > We can have false positives, but at worst that make us report EINVAL
> > > > (bad signature) instead of ENOENT (no signature).
> > >
> > > EKEYREJECTED please; that way it's the same as RHEL does now.
> >
> > OK, sure (who knew that was there?).

Oh yes, I read these, but I didn't appreciate that those errnos had
existed for over 6 years.

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/