[PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures

Kees Cook keescook at chromium.org
Tue Jun 5 13:43:31 UTC 2018


On Tue, Jun 5, 2018 at 6:25 AM, Serge E. Hallyn <serge at hallyn.com> wrote:
> Quoting Kees Cook (keescook at chromium.org):
>> On Mon, Jun 4, 2018 at 9:09 PM, Serge E. Hallyn <serge at hallyn.com> wrote:
>> > Personally I agree with Eric and prefer a new hook.  I don't feel strongly
>> > enough about it to keep bikeshedding, but since this set already exists,
>> > it seems like the way to go.
>>
>> And the new hook is "load stuff without a file descriptor"?
>
> Yes.  Load stuff based on my own credentials not those attached
> to a file.

Okay, I can live with that. :)

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list