From: David Howells <dhowells@redhat.com>
To: Oliver Neukum
Cc: dhowells@redhat.com, "Rafael J. Wysocki", Linux Kernel Mailing List, Matthew Garrett, linux-efi@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, Greg Kroah-Hartman, Linux PM, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, matthew.garrett@nebula.com
Subject: Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Date: Thu, 06 Apr 2017 09:41:00 +0100
Message-ID: <14980.1491468060@warthog.procyon.org.uk>
In-Reply-To: <1491460792.1645.1.camel@suse.com>

Oliver Neukum wrote:

> Your swap partition may be located on an NVDIMM or be encrypted.

An NVDIMM should be considered the same as any other persistent storage. It
may be encrypted, but where's the key stored, how easy is it to retrieve and
does the swapout code know this?

> Isn't this a bit overly drastic?

Perhaps, but if it's on disk and it's not encrypted, then maybe not.

David