Re: [PATCH 0/4] LoadPin: Allow filesystem switch when not enforcing

From: Serge E. Hallyn
Date: Mon Dec 12 2022 - 16:32:42 EST

Next message: Tejun Heo: "Re: [PATCH 14/31] sched_ext: Implement BPF extensible scheduler class"
Previous message: Vipin Sharma: "Re: [PATCH v2] scripts/tags.sh: choose which directories to exclude from being indexed"
In reply to: Kees Cook: "[PATCH 4/4] LoadPin: Allow filesystem switch when not enforcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 09, 2022 at 11:57:41AM -0800, Kees Cook wrote:
> Hi,
>
> Right now, LoadPin isn't much use on general purpose distros since modules
> tend to be loaded from multiple filesystems at boot (first initramfs,
> then real rootfs). Allow the potential mount pin to move when enforcement
> is not enabled.
>
> -Kees

Reviewed-by: Serge Hallyn <serge@xxxxxxxxxx>

to the set, thanks.

>
> Kees Cook (4):
> LoadPin: Refactor read-only check into a helper
> LoadPin: Refactor sysctl initialization
> LoadPin: Move pin reporting cleanly out of locking
> LoadPin: Allow filesystem switch when not enforcing
>
> security/loadpin/loadpin.c | 89 ++++++++++++++++++++++----------------
> 1 file changed, 52 insertions(+), 37 deletions(-)
>
> --
> 2.34.1

Next message: Tejun Heo: "Re: [PATCH 14/31] sched_ext: Implement BPF extensible scheduler class"
Previous message: Vipin Sharma: "Re: [PATCH v2] scripts/tags.sh: choose which directories to exclude from being indexed"
In reply to: Kees Cook: "[PATCH 4/4] LoadPin: Allow filesystem switch when not enforcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]