[GIT PULL] Security subsystem: integrity updates for v4.15
Mimi Zohar
zohar at linux.vnet.ibm.com
Wed Nov 15 12:37:20 UTC 2017
On Mon, 2017-11-13 at 09:05 +1100, James Morris wrote:
> Hi Linus,
>
> Please pull these fixes for the Integrity subsystem.
>
> (From Mimi)
>
> "There is a mixture of bug fixes, code cleanup, preparatory code for new
> functionality and new functionality.
>
> Commit 26ddabfe96bb "evm: enable EVM when X509 certificate is loaded"
> enabled EVM without loading a symmetric key, but was limited to defining
> the x509 certificate pathname at build. Included in this set of patches
> is the ability of enabling EVM, without loading the EVM symmetric key,
> from userspace. New is the ability to prevent the loading of an EVM
> symmetric key."
James, thank you for keeping the integrity patches separate, as
requested, and sending the extra pull request. This is extra work for
you, but I really appreciate it. The pull request seems to have gone
smoothly.
So much of the integrity subsystem is dependent on the other security
subsystems (eg. keys, TPM, LSM hooks). Having a common security
testing branch is really helpful. It makes collaboration that much
easier.
Thanks!
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list