[PATCH 03/27] Enforce module signatures if the kernel is locked down
David Howells
dhowells at redhat.com
Mon Oct 30 17:00:34 UTC 2017
Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:
> This kernel_is_locked_down() check is being called for both the
> original and new module_load syscalls. We need to be able
> differentiate them. This is fine for the original syscall, but for
> the new syscall we would need an additional IMA check -
> !is_ima_appraise_enabled().
IMA can only be used with finit_module()?
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list