Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932135Ab3CDRqs (ORCPT ); Mon, 4 Mar 2013 12:46:48 -0500 Received: from mx1.redhat.com ([209.132.183.28]:35177 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756841Ab3CDRqr (ORCPT ); Mon, 4 Mar 2013 12:46:47 -0500 Date: Mon, 4 Mar 2013 12:46:28 -0500 From: Vivek Goyal To: Mimi Zohar Cc: Eric Paris , linux kernel mailing list , LSM List Subject: Re: IMA: How to manage user space signing policy with others Message-ID: <20130304174628.GC15199@redhat.com> References: <20130228213534.GF11360@redhat.com> <1362102544.9158.35.camel@falcor1> <1362140107.9158.101.camel@falcor1> <20130301152839.GA3457@redhat.com> <20130301184027.GB3457@redhat.com> <1362166753.9158.169.camel@falcor1> <20130301213329.GC3457@redhat.com> <1362346944.18325.1.camel@falcor1> <20130304152919.GA15199@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130304152919.GA15199@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 789 Lines: 20 On Mon, Mar 04, 2013 at 10:29:19AM -0500, Vivek Goyal wrote: [..] > This reduces our options but trying to make multiple policies co-exist > together is just making it complicated. We can take it up again when > somebody has a strong use case of using secureboot policy along with > other policies. Well, I also see the unused hook for module verification. Right now there is no policy for that but if we ever decide to do module verification using ima hook, then we will have this question that where does that rule go in now. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/