lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 07 Jun 2009 01:43:12 +0530 From: Sachin Sant <sachinp@...ibm.com> To: Mimi Zohar <zohar@...ibm.com> CC: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: [IMA] 2.6.30-rc8 : Bug while trying to launch a KVM guest Mimi Zohar wrote: > This bug has been addressed in linux-next. Please refer to: > > f06dd16a03f6f7f72fab4db03be36e28c28c6fd6 : IMA: Handle dentry_open > failures > 1a62e958fa4aaeeb752311b4f5e16b2a86737b23 : IMA: open all files O_LARGEFILE > 04288f42033607099cebf5ca15ce8dcec3a9688b : integrity: ima audit > dentry_open failure > > The default policy in 2.6.30 measures all files open for read by root. > (So starting the VM as root will cause it to be read.) This linux-next > patch changes the default behavior so that nothing is measured. > > 5789ba3bd0a3cd20df5980ebf03358f2eb44fd67 : IMA: Minimal IMA policy and > boot param for TCB IMA policy > I am able to boot the kvm guest after applying the following two patches. commit f06dd16a03f6f7f72fab4db03be36e28c28c6fd6 commit 1a62e958fa4aaeeb752311b4f5e16b2a86737b23 Thanks Mimi for the help. Regards -Sachin -- --------------------------------- Sachin Sant IBM Linux Technology Center India Systems and Technology Labs Bangalore, India --------------------------------- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists