Re: [PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions

From: James Morris
Date: Wed Apr 20 2016 - 20:22:44 EST

Next message: Fabio Estevam: "Re: [PATCH v3] ARM: dts: imx6: Add dts for Embest MarS Board"
Previous message: Darren Hart: "[GIT PULL] platform-drivers-x86 for 4.6-2"
In reply to: Kees Cook: "[PATCH 2/6] string_helpers: add kstrdup_quotable_cmdline"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 20 Apr 2016, Kees Cook wrote:

> This provides the mini-LSM "loadpin" that intercepts the now consolidated
> kernel_file_read LSM hook so that a system can keep all loads coming from
> a single trusted filesystem. This is what Chrome OS uses to pin kernel
> module and firmware loading to the read-only crypto-verified dm-verity
> partition so that kernel module signing is not needed.
>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Fabio Estevam: "Re: [PATCH v3] ARM: dts: imx6: Add dts for Embest MarS Board"
Previous message: Darren Hart: "[GIT PULL] platform-drivers-x86 for 4.6-2"
In reply to: Kees Cook: "[PATCH 2/6] string_helpers: add kstrdup_quotable_cmdline"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]