Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

From: David Howells
Date: Thu Oct 26 2017 - 10:52:07 EST

Next message: Michal Hocko: "Re: [PATCH 2/2] mm: oom: dump single excessive slab cache when oom"
Previous message: Christian Borntraeger: "Re: [PATCH 1/2] kvm: whitelist struct kvm_vcpu_arch"
In reply to: Mimi Zohar: "Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> The patch title and description needs to be updated to refer to
> lockdown, not securelevel.

Fixed, thanks.

> An additional patch could force these rules to be added to the custom
> policy, if lockdown is enabled.

I'll have a look at your patch, though at this point I'm leaning towards
passing the current series to James for security/next and then passing your
patch along afterwards, if that's okay with you. It should still get in the
next merge window if that's the case.

David

Next message: Michal Hocko: "Re: [PATCH 2/2] mm: oom: dump single excessive slab cache when oom"
Previous message: Christian Borntraeger: "Re: [PATCH 1/2] kvm: whitelist struct kvm_vcpu_arch"
In reply to: Mimi Zohar: "Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]