From: Mimi Zohar <zohar@linux.ibm.com>
To: Dave Young <dyoung@redhat.com>
Cc: linux-integrity@vger.kernel.org, linux-kselftest@vger.kernel.org,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
Petr Vorel <pvorel@suse.cz>, Matthew Garrett <mjg59@google.com>
Subject: Re: [PATCH v4a 1/2] selftests/kexec: make tests independent of IMA being enabled
Date: Tue, 26 Mar 2019 09:56:50 -0400 [thread overview]
Message-ID: <1553608610.3960.37.camel@linux.ibm.com> (raw)
In-Reply-To: <20190326074942.GA19708@dhcp-128-65.nay.redhat.com>
On Tue, 2019-03-26 at 15:49 +0800, Dave Young wrote:
> On 03/25/19 at 04:37pm, Mimi Zohar wrote:
> > On Mon, 2019-03-25 at 16:09 +0800, Dave Young wrote:
> > > Hi Mimi
> > > On 03/22/19 at 03:35pm, Mimi Zohar wrote:
> > > > Verify IMA is enabled before failing tests or emitting irrelevant
> > > > messages. Also, don't skip the test if signatures are not required.
> > > >
> > > > Suggested-by: Dave Young <dyoung@redhat.com>
> > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > > ---
> > > > Dave, if this patch resolves the outstanding issues, I can fold these
> > > > changes into the original patches. (Reminder, these patches will need to
> > > > be updated to support the "lockdown" patch set.)
> > >
> > > They looks good to me, thanks for the update
> >
> > I've folded the kexec_file_load changes into the kexec_file_load test.
> > The remaining kexec_load change is left as a separate patch, since it
> > is dependent on the ikconfig change.
> >
> > > Feel free to add my reviewed-by, I did some tests although not cover all
> > > ima cases.
> >
> > Thanks! Is this meant as a general "reviewed-by" for all of the
> > patches or just this specific one?
>
> Thank you for taking this as a separate kexec tests, I think it can
> be used for these delta fixes
Ok, I just re-posted the patches, folding part of this patch into the
kexec_file_load test. I've added your Reviewed-by on the remaining
patch.
>
> I read all the patches and reviewed the kexec stuff, but I do not
> understand all the IMA logic yet although I did some simple ima
> tests.
I understand. There are many different aspects to the integrity
subsystem. I'm happy to answer any questions you have.
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: zohar at linux.ibm.com (Mimi Zohar)
Subject: [PATCH v4a 1/2] selftests/kexec: make tests independent of IMA being enabled
Date: Tue, 26 Mar 2019 09:56:50 -0400 [thread overview]
Message-ID: <1553608610.3960.37.camel@linux.ibm.com> (raw)
In-Reply-To: <20190326074942.GA19708@dhcp-128-65.nay.redhat.com>
On Tue, 2019-03-26 at 15:49 +0800, Dave Young wrote:
> On 03/25/19 at 04:37pm, Mimi Zohar wrote:
> > On Mon, 2019-03-25 at 16:09 +0800, Dave Young wrote:
> > > Hi Mimi
> > > On 03/22/19 at 03:35pm, Mimi Zohar wrote:
> > > > Verify IMA is enabled before failing tests or emitting irrelevant
> > > > messages. Also, don't skip the test if signatures are not required.
> > > >
> > > > Suggested-by: Dave Young <dyoung at redhat.com>
> > > > Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>
> > > > ---
> > > > Dave, if this patch resolves the outstanding issues, I can fold these
> > > > changes into the original patches. (Reminder, these patches will need to
> > > > be updated to support the "lockdown" patch set.)
> > >
> > > They looks good to me, thanks for the update
> >
> > I've folded the kexec_file_load changes into the kexec_file_load test.
> > The remaining kexec_load change is left as a separate patch, since it
> > is dependent on the ikconfig change.
> >
> > > Feel free to add my reviewed-by, I did some tests although not cover all
> > > ima cases.
> >
> > Thanks! Is this meant as a general "reviewed-by" for all of the
> > patches or just this specific one?
>
> Thank you for taking this as a separate kexec tests, I think it can
> be used for these delta fixes
Ok, I just re-posted the patches, folding part of this patch into the
kexec_file_load test. I've added your Reviewed-by on the remaining
patch.
>
> I read all the patches and reviewed the kexec stuff, but I do not
> understand all the IMA logic yet although I did some simple ima
> tests.
I understand. There are many different aspects to the integrity
subsystem. I'm happy to answer any questions you have.
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: zohar@linux.ibm.com (Mimi Zohar)
Subject: [PATCH v4a 1/2] selftests/kexec: make tests independent of IMA being enabled
Date: Tue, 26 Mar 2019 09:56:50 -0400 [thread overview]
Message-ID: <1553608610.3960.37.camel@linux.ibm.com> (raw)
Message-ID: <20190326135650.6QPdc5aWkG3rp7kMfH7cGC8gkiOFz-THilHzE_N2QuA@z> (raw)
In-Reply-To: <20190326074942.GA19708@dhcp-128-65.nay.redhat.com>
On Tue, 2019-03-26@15:49 +0800, Dave Young wrote:
> On 03/25/19@04:37pm, Mimi Zohar wrote:
> > On Mon, 2019-03-25@16:09 +0800, Dave Young wrote:
> > > Hi Mimi
> > > On 03/22/19@03:35pm, Mimi Zohar wrote:
> > > > Verify IMA is enabled before failing tests or emitting irrelevant
> > > > messages. Also, don't skip the test if signatures are not required.
> > > >
> > > > Suggested-by: Dave Young <dyoung at redhat.com>
> > > > Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>
> > > > ---
> > > > Dave, if this patch resolves the outstanding issues, I can fold these
> > > > changes into the original patches. (Reminder, these patches will need to
> > > > be updated to support the "lockdown" patch set.)
> > >
> > > They looks good to me, thanks for the update
> >
> > I've folded the kexec_file_load changes into the kexec_file_load test.
> > The remaining kexec_load change is left as a separate patch, since it
> > is dependent on the ikconfig change.
> >
> > > Feel free to add my reviewed-by, I did some tests although not cover all
> > > ima cases.
> >
> > Thanks! Is this meant as a general "reviewed-by" for all of the
> > patches or just this specific one?
>
> Thank you for taking this as a separate kexec tests, I think it can
> be used for these delta fixes
Ok, I just re-posted the patches, folding part of this patch into the
kexec_file_load test. I've added your Reviewed-by on the remaining
patch.
>
> I read all the patches and reviewed the kexec stuff, but I do not
> understand all the IMA logic yet although I did some simple ima
> tests.
I understand. There are many different aspects to the integrity
subsystem. I'm happy to answer any questions you have.
Mimi
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Dave Young <dyoung@redhat.com>
Cc: kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
Matthew Garrett <mjg59@google.com>, Petr Vorel <pvorel@suse.cz>,
linux-kselftest@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v4a 1/2] selftests/kexec: make tests independent of IMA being enabled
Date: Tue, 26 Mar 2019 09:56:50 -0400 [thread overview]
Message-ID: <1553608610.3960.37.camel@linux.ibm.com> (raw)
In-Reply-To: <20190326074942.GA19708@dhcp-128-65.nay.redhat.com>
On Tue, 2019-03-26 at 15:49 +0800, Dave Young wrote:
> On 03/25/19 at 04:37pm, Mimi Zohar wrote:
> > On Mon, 2019-03-25 at 16:09 +0800, Dave Young wrote:
> > > Hi Mimi
> > > On 03/22/19 at 03:35pm, Mimi Zohar wrote:
> > > > Verify IMA is enabled before failing tests or emitting irrelevant
> > > > messages. Also, don't skip the test if signatures are not required.
> > > >
> > > > Suggested-by: Dave Young <dyoung@redhat.com>
> > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > > ---
> > > > Dave, if this patch resolves the outstanding issues, I can fold these
> > > > changes into the original patches. (Reminder, these patches will need to
> > > > be updated to support the "lockdown" patch set.)
> > >
> > > They looks good to me, thanks for the update
> >
> > I've folded the kexec_file_load changes into the kexec_file_load test.
> > The remaining kexec_load change is left as a separate patch, since it
> > is dependent on the ikconfig change.
> >
> > > Feel free to add my reviewed-by, I did some tests although not cover all
> > > ima cases.
> >
> > Thanks! Is this meant as a general "reviewed-by" for all of the
> > patches or just this specific one?
>
> Thank you for taking this as a separate kexec tests, I think it can
> be used for these delta fixes
Ok, I just re-posted the patches, folding part of this patch into the
kexec_file_load test. I've added your Reviewed-by on the remaining
patch.
>
> I read all the patches and reviewed the kexec stuff, but I do not
> understand all the IMA logic yet although I did some simple ima
> tests.
I understand. There are many different aspects to the integrity
subsystem. I'm happy to answer any questions you have.
Mimi
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2019-03-26 13:57 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-22 19:35 [PATCH v4a 1/2] selftests/kexec: make tests independent of IMA being enabled Mimi Zohar
2019-03-22 19:35 ` Mimi Zohar
2019-03-22 19:35 ` Mimi Zohar
2019-03-22 19:35 ` zohar
2019-03-22 19:35 ` [PATCH v4a 2/2] selftests/kexec: testing CONFIG_KEXEC_BZIMAGE_VERIFY_SIG is not enough Mimi Zohar
2019-03-22 19:35 ` Mimi Zohar
2019-03-22 19:35 ` Mimi Zohar
2019-03-22 19:35 ` zohar
2019-03-25 8:09 ` [PATCH v4a 1/2] selftests/kexec: make tests independent of IMA being enabled Dave Young
2019-03-25 8:09 ` Dave Young
2019-03-25 8:09 ` Dave Young
2019-03-25 8:09 ` dyoung
2019-03-25 20:37 ` Mimi Zohar
2019-03-25 20:37 ` Mimi Zohar
2019-03-25 20:37 ` Mimi Zohar
2019-03-25 20:37 ` zohar
2019-03-26 7:49 ` Dave Young
2019-03-26 7:49 ` Dave Young
2019-03-26 7:49 ` Dave Young
2019-03-26 7:49 ` dyoung
2019-03-26 13:56 ` Mimi Zohar [this message]
2019-03-26 13:56 ` Mimi Zohar
2019-03-26 13:56 ` Mimi Zohar
2019-03-26 13:56 ` zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1553608610.3960.37.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dyoung@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mjg59@google.com \
--cc=pvorel@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.