Re: [PATCH v3 0/6] LSM: LoadPin for kernel file loading restrictions

From: James Morris
Date: Tue Apr 12 2016 - 06:01:34 EST

Next message: Thierry Reding: "Re: [RESEND 01/11] pwm: Add PWM Capture support"
Previous message: Peter Ujfalusi: "Re: [PATCH v2 0/3] ARM: OMAP3: Fix McBSP2/3 hwmod setup for sidetone"
Next in thread: Kees Cook: "Re: [PATCH v3 0/6] LSM: LoadPin for kernel file loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 6 Apr 2016, Kees Cook wrote:

> This provides the mini-LSM "loadpin" that intercepts the now consolidated
> kernel_file_read LSM hook so that a system can keep all loads coming from
> a single trusted filesystem. This is what Chrome OS uses to pin kernel
> module and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>

This all looks good to me, just waiting now for the const fix suggested by
Joe.

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Thierry Reding: "Re: [RESEND 01/11] pwm: Add PWM Capture support"
Previous message: Peter Ujfalusi: "Re: [PATCH v2 0/3] ARM: OMAP3: Fix McBSP2/3 hwmod setup for sidetone"
Next in thread: Kees Cook: "Re: [PATCH v3 0/6] LSM: LoadPin for kernel file loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]