[PATCH 2/2] IMA: Support using new creds in appraisal policy

[PATCH 1/2] security: Add a cred_getsecid hook · Matthew Garrett <hidden> · 2017-10-16
[PATCH 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-10-16
Re: [PATCH 2/2] IMA: Support using new creds in appraisal policy · Mikhail Kurinnoi <hidden> · 2017-10-16
Re: [PATCH 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-10-16
Re: [PATCH 2/2] IMA: Support using new creds in appraisal policy · Mimi Zohar <hidden> · 2017-10-17
Re: [PATCH 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-10-18
Re: [PATCH 1/2] security: Add a cred_getsecid hook · Casey Schaufler <casey@schaufler-ca.com> · 2017-10-16
Re: [PATCH 1/2] security: Add a cred_getsecid hook · Matthew Garrett <hidden> · 2017-10-18
Re: [PATCH 1/2] security: Add a cred_getsecid hook · Paul Moore <paul@paul-moore.com> · 2017-10-23

From: Matthew Garrett <hidden>
Date: 2017-10-16 21:20:13
Also in: linux-integrity, selinux

On Mon, Oct 16, 2017 at 2:03 PM, Mikhail Kurinnoi
[off-list ref] wrote:

? Mon, 16 Oct 2017 13:37:09 -0700
Matthew Garrett [off-list ref] ?????:

quoted

 #define IMA_BPRM_APPRAISED   0x00002000
 #define IMA_READ_APPRAISE    0x00004000
 #define IMA_READ_APPRAISED   0x00008000
+#define IMA_CREDS_APPRAISE   0x00004000
+#define IMA_CREDS_APPRAISED  0x00008000

Is this correct, that the IMA_CREDS_APPRAISE and IMA_CREDS_APPRAISED
same as IMA_READ_APPRAISE and IMA_READ_APPRAISED?

Definitely not correct, good catch. I'll resend with that fixed if
people feel this approach is reasonable.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help