[RFC PATCH] ima: require secure_boot rules in lockdown mode
David Howells
dhowells at redhat.com
Mon Oct 30 15:55:10 UTC 2017
I've added this into my series as the third patch, but:
Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:
> + ima_use_appraise_tcb = TRUE;
Did you mean "true" rather than "TRUE"?
> + entry = kzalloc(sizeof(*entry), GFP_KERNEL);
> + if (entry) {
> + memcpy(entry, &secure_boot_rules[i],
> + sizeof(*entry));
kmemdup()?
I guess also that oopsing is okay if the allocation fails. We've run out of
memory during early boot, after all.
> + INIT_LIST_HEAD(&entry->list);
> + list_add_tail(&entry->list, &ima_policy_rules);
Isn't the init redundant, given the following line?
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list