[PATCH 2/2] integrity: replace call to integrity_read_file with kernel version
hch at infradead.org
Thu Sep 14 20:49:54 UTC 2017
On Fri, Sep 15, 2017 at 06:21:28AM +1000, James Morris wrote:
> So, to be clear, this patch solves the XFS deadlock using a different
> approach (to the now reverted integrity_read approach), which Christoph
> also says is more correct generally. Correct?
No. It is in addition to the previous patches - the patches were
correct for the IMA interaction with the I/O path. It just turns
out that the function was also reused for reading certificates
at initialization time, for which that change was incorrect.
If this series is applied first the integrity_read code is not
used for that path any more.
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive