diff for duplicates of <1491553688.4184.73.camel@linux.vnet.ibm.com>
diff --git a/a/1.txt b/N1/1.txt
index a3411ee..3a47115 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -1,6 +1,6 @@
On Fri, 2017-04-07 at 15:41 +0800, Dave Young wrote:
> On 04/07/17 at 08:07am, David Howells wrote:
-> > Dave Young <dyoung@redhat.com> wrote:
+> > Dave Young <dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> >
> > > > > > + /* Don't permit images to be loaded into trusted kernels if we're not
> > > > > > + * going to verify the signature on them
diff --git a/a/content_digest b/N1/content_digest
index 110e666..7f45c69 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -20,7 +20,10 @@
"ref\00020170407074159.GB10737\@dhcp-128-65.nay.redhat.com\0"
]
[
- "From\0Mimi Zohar <zohar\@linux.vnet.ibm.com>\0"
+ "ref\00020170407074159.GB10737-0VdLhd/A9Pl+NNSt+8eSiB/sF2h8X+2i0E9HWUfgJXw\@public.gmane.org\0"
+]
+[
+ "From\0Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8\@public.gmane.org>\0"
]
[
"Subject\0Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set\0"
@@ -29,20 +32,20 @@
"Date\0Fri, 07 Apr 2017 04:28:08 -0400\0"
]
[
- "To\0Dave Young <dyoung\@redhat.com>",
- " David Howells <dhowells\@redhat.com>\0"
+ "To\0Dave Young <dyoung-H+wXaHxf7aLQT0dZR+AlfA\@public.gmane.org>",
+ " David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA\@public.gmane.org>\0"
]
[
- "Cc\0linux-kernel\@vger.kernel.org",
- " Matthew Garrett <mjg59\@srcf.ucam.org>",
- " linux-efi\@vger.kernel.org",
- " gnomes\@lxorguk.ukuu.org.uk",
- " Chun-Yi Lee <jlee\@suse.com>",
- " gregkh\@linuxfoundation.org",
- " kexec\@lists.infradead.org",
- " linux-security-module\@vger.kernel.org",
- " keyrings\@vger.kernel.org",
- " matthew.garrett\@nebula.com\0"
+ "Cc\0linux-kernel-u79uwXL29TY76Z2rM5mHXA\@public.gmane.org",
+ " Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q\@public.gmane.org>",
+ " linux-efi-u79uwXL29TY76Z2rM5mHXA\@public.gmane.org",
+ " gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io\@public.gmane.org",
+ " Chun-Yi Lee <jlee-IBi9RG/b67k\@public.gmane.org>",
+ " gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r\@public.gmane.org",
+ " kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r\@public.gmane.org",
+ " linux-security-module-u79uwXL29TY76Z2rM5mHXA\@public.gmane.org",
+ " keyrings-u79uwXL29TY76Z2rM5mHXA\@public.gmane.org",
+ " matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA\@public.gmane.org\0"
]
[
"\0000:1\0"
@@ -53,7 +56,7 @@
[
"On Fri, 2017-04-07 at 15:41 +0800, Dave Young wrote:\n",
"> On 04/07/17 at 08:07am, David Howells wrote:\n",
- "> > Dave Young <dyoung\@redhat.com> wrote:\n",
+ "> > Dave Young <dyoung-H+wXaHxf7aLQT0dZR+AlfA\@public.gmane.org> wrote:\n",
"> > \n",
"> > > > > > +\t/* Don't permit images to be loaded into trusted kernels if we're not\n",
"> > > > > > +\t * going to verify the signature on them\n",
@@ -94,4 +97,4 @@
"Mimi"
]
-1af4ad7626697cd5dd5e4ac2fef19afc7c87b211069835ee94a350c85d1e8863
+0be2e4fcc8b0241c63fcc283de640b57a037975499a697bea5ae3e153dfd6863
diff --git a/a/1.txt b/N2/1.txt
index a3411ee..3606a18 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -11,7 +11,7 @@ On Fri, 2017-04-07 at 15:41 +0800, Dave Young wrote:
> > > > > >
> > > >
> > > > IMA can be used to verify file signatures too, based on the LSM hooks
-> > > > in kernel_read_file_from_fd(). CONFIG_KEXEC_VERIFY_SIG should not be
+> > > > in ?kernel_read_file_from_fd(). ?CONFIG_KEXEC_VERIFY_SIG should not be
> > > > required.
> > >
> > > Mimi, I remember we talked somthing before about the two signature
@@ -31,11 +31,16 @@ the kexec kernel image signature, as the test would not be based on a
Kconfig option, but on a runtime variable.
To answer your question, the rule for requiring the policy to be
-signed is: appraise func=POLICY_CHECK appraise_type=imasig
+signed is: ?appraise func=POLICY_CHECK appraise_type=imasig
When the ability to append rules is Kconfig enabled, the builtin
policy requires the new policy or additional rules to be signed.
- Unfortunately, always requiring the policy to be signed, would have
+?Unfortunately, always requiring the policy to be signed, would have
broken userspace.
-Mimi
\ No newline at end of file
+Mimi
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
diff --git a/a/content_digest b/N2/content_digest
index 110e666..1954513 100644
--- a/a/content_digest
+++ b/N2/content_digest
@@ -20,29 +20,16 @@
"ref\00020170407074159.GB10737\@dhcp-128-65.nay.redhat.com\0"
]
[
- "From\0Mimi Zohar <zohar\@linux.vnet.ibm.com>\0"
+ "From\0zohar\@linux.vnet.ibm.com (Mimi Zohar)\0"
]
[
- "Subject\0Re: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set\0"
+ "Subject\0[PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set\0"
]
[
"Date\0Fri, 07 Apr 2017 04:28:08 -0400\0"
]
[
- "To\0Dave Young <dyoung\@redhat.com>",
- " David Howells <dhowells\@redhat.com>\0"
-]
-[
- "Cc\0linux-kernel\@vger.kernel.org",
- " Matthew Garrett <mjg59\@srcf.ucam.org>",
- " linux-efi\@vger.kernel.org",
- " gnomes\@lxorguk.ukuu.org.uk",
- " Chun-Yi Lee <jlee\@suse.com>",
- " gregkh\@linuxfoundation.org",
- " kexec\@lists.infradead.org",
- " linux-security-module\@vger.kernel.org",
- " keyrings\@vger.kernel.org",
- " matthew.garrett\@nebula.com\0"
+ "To\0linux-security-module\@vger.kernel.org\0"
]
[
"\0000:1\0"
@@ -64,7 +51,7 @@
"> > > > > > \n",
"> > > > \n",
"> > > > IMA can be used to verify file signatures too, based on the LSM hooks\n",
- "> > > > in \302\240kernel_read_file_from_fd(). \302\240CONFIG_KEXEC_VERIFY_SIG should not be\n",
+ "> > > > in ?kernel_read_file_from_fd(). ?CONFIG_KEXEC_VERIFY_SIG should not be\n",
"> > > > required.\n",
"> > > \n",
"> > > Mimi, I remember we talked somthing before about the two signature \n",
@@ -84,14 +71,19 @@
"Kconfig option, but on a runtime variable.\n",
"\n",
"To answer your question, the rule for requiring the policy to be\n",
- "signed is: \302\240appraise func=POLICY_CHECK appraise_type=imasig\n",
+ "signed is: ?appraise func=POLICY_CHECK appraise_type=imasig\n",
"\n",
"When the ability to append rules is Kconfig enabled, the builtin\n",
"policy requires the new policy or additional rules to be signed.\n",
- "\302\240Unfortunately, always requiring the policy to be signed, would have\n",
+ "?Unfortunately, always requiring the policy to be signed, would have\n",
"broken userspace.\n",
"\n",
- "Mimi"
+ "Mimi\n",
+ "\n",
+ "--\n",
+ "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n",
+ "the body of a message to majordomo at vger.kernel.org\n",
+ "More majordomo info at http://vger.kernel.org/majordomo-info.html"
]
-1af4ad7626697cd5dd5e4ac2fef19afc7c87b211069835ee94a350c85d1e8863
+616358e26f1e219fccacd364250b2bc7f7653b2c263ff9f459c128c0200b4142
diff --git a/a/1.txt b/N3/1.txt
index a3411ee..71b98fb 100644
--- a/a/1.txt
+++ b/N3/1.txt
@@ -38,4 +38,10 @@ policy requires the new policy or additional rules to be signed.
Unfortunately, always requiring the policy to be signed, would have
broken userspace.
-Mimi
\ No newline at end of file
+Mimi
+
+
+_______________________________________________
+kexec mailing list
+kexec@lists.infradead.org
+http://lists.infradead.org/mailman/listinfo/kexec
\ No newline at end of file
diff --git a/a/content_digest b/N3/content_digest
index 110e666..d67311c 100644
--- a/a/content_digest
+++ b/N3/content_digest
@@ -33,13 +33,13 @@
" David Howells <dhowells\@redhat.com>\0"
]
[
- "Cc\0linux-kernel\@vger.kernel.org",
- " Matthew Garrett <mjg59\@srcf.ucam.org>",
+ "Cc\0Matthew Garrett <mjg59\@srcf.ucam.org>",
" linux-efi\@vger.kernel.org",
" gnomes\@lxorguk.ukuu.org.uk",
- " Chun-Yi Lee <jlee\@suse.com>",
" gregkh\@linuxfoundation.org",
" kexec\@lists.infradead.org",
+ " linux-kernel\@vger.kernel.org",
+ " Chun-Yi Lee <jlee\@suse.com>",
" linux-security-module\@vger.kernel.org",
" keyrings\@vger.kernel.org",
" matthew.garrett\@nebula.com\0"
@@ -91,7 +91,13 @@
"\302\240Unfortunately, always requiring the policy to be signed, would have\n",
"broken userspace.\n",
"\n",
- "Mimi"
+ "Mimi\n",
+ "\n",
+ "\n",
+ "_______________________________________________\n",
+ "kexec mailing list\n",
+ "kexec\@lists.infradead.org\n",
+ "http://lists.infradead.org/mailman/listinfo/kexec"
]
-1af4ad7626697cd5dd5e4ac2fef19afc7c87b211069835ee94a350c85d1e8863
+03e2184834f30cbe2e9d72a164e51ef1e965eaceb16d014f37944d30ea6cc612
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.