[RFC PATCH] ima: require secure_boot rules in lockdown mode

Mimi Zohar zohar at linux.vnet.ibm.com
Thu Nov 9 03:06:58 UTC 2017


On Thu, 2017-11-09 at 10:26 +1100, Stephen Rothwell wrote:
> Hi Mimi,
> 
> On Wed, 08 Nov 2017 16:04:07 -0500 Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:
> >
> > On Thu, 2017-11-09 at 07:53 +1100, Stephen Rothwell wrote:
> > > 
> > > On Wed, 08 Nov 2017 15:46:22 -0500 Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:  
> > > >
> > > > [Cc'ing Stephen Rothwell]
> > > > 
> > > > On Tue, 2017-10-31 at 14:25 +1100, James Morris wrote:  
> > > > > On Mon, 30 Oct 2017, Mimi Zohar wrote:
> > > > >     
> > > > > > James is staging the subsystem patches independently of each other, in
> > > > > > case of a similar problem, so that they can be pulled separately.
> > > > > >  There's a new "next-general" branch.    
> > > > > 
> > > > > If you send me a pull request, I'm combining branches into next-testing, 
> > > > > too, which is pulled into -next.    
> > > > 
> > > > linux-next already has the IMA patches, which might be confusing.  
> > > 
> > > Not if they are the same *commits* i.e. if the tree/branch that James
> > > merges is the same as the one that I already merge of yours
> > > (git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next)  
> > 
> > James' security tree is based on -rc3, while the integrity tree is
> > based on -rc4.  The rebased integrity patches are now in my security-
> > next-integrity branch.
> 
> So since those patches are now in James tree, you should drop them from
> the integrity tree.

Ok, I had been planning on sending an independent pull request to
Linus, as requested.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list