[PATCH 0/4] LoadPin: Allow filesystem switch when not enforcing
Serge E. Hallyn
serge at hallyn.com
Mon Dec 12 21:32:33 UTC 2022
On Fri, Dec 09, 2022 at 11:57:41AM -0800, Kees Cook wrote:
> Hi,
>
> Right now, LoadPin isn't much use on general purpose distros since modules
> tend to be loaded from multiple filesystems at boot (first initramfs,
> then real rootfs). Allow the potential mount pin to move when enforcement
> is not enabled.
>
> -Kees
Reviewed-by: Serge Hallyn <serge at hallyn.com>
to the set, thanks.
>
> Kees Cook (4):
>   LoadPin: Refactor read-only check into a helper
>   LoadPin: Refactor sysctl initialization
>   LoadPin: Move pin reporting cleanly out of locking
>   LoadPin: Allow filesystem switch when not enforcing
>
>  security/loadpin/loadpin.c | 89 ++++++++++++++++++++++----------------
>  1 file changed, 52 insertions(+), 37 deletions(-)
>
> --
> 2.34.1