Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set
From: David Howells
Date: Mon Oct 30 2017 - 05:00:39 EST
Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> Yes, that works. ÂThanks! ÂRemember is_ima_appraise_enabled() is
> dependent on the "ima: require secure_boot rules in lockdown mode"
> patch -Âhttp://kernsec.org/pipermail/linux-security-module-archive/201
> 7-October/003910.html.
What happens if the file in question is being accessed from a filesystem that
doesn't have xattrs and doesn't provide support for appraisal? Is it rejected
outright or just permitted?
David