Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

From: David Howells
Date: Thu Oct 26 2017 - 10:52:07 EST


Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> The patch title and description needs to be updated to refer to
> lockdown, not securelevel.

Fixed, thanks.

> An additional patch could force these rules to be added to the custom
> policy, if lockdown is enabled.

I'll have a look at your patch, though at this point I'm leaning towards
passing the current series to James for security/next and then passing your
patch along afterwards, if that's okay with you. It should still get in the
next merge window if that's the case.

David