From: Miguel Ojeda
Date: Wed, 11 Apr 2018 20:50:00 +0200
Subject: Re: [PATCH 01/24] Add the ability to lock down access to the running kernel image
To: Randy Dunlap
Cc: David Howells, Linus Torvalds, linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel, linux-security-module@vger.kernel.org

On Wed, Apr 11, 2018 at 7:37 PM, Randy Dunlap wrote:
> On 04/11/2018 09:24 AM, David Howells wrote:
>
>> diff --git a/security/lock_down.c b/security/lock_down.c >> new file mode 100644 >> index 000000000000..f35ffdd096ad >> --- /dev/null >> +++ b/security/lock_down.c
>> @@ -0,0 +1,65 @@ >> +/* Lock down the kernel >> + * >> + * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. >> + * Written by David Howells (dhowells@redhat.com) >> + * >> + * This program is free software; you can redistribute it and/or >> + * modify it under the terms of the GNU General Public Licence >> + * as published by the Free Software Foundation; either version >> + * 2 of the Licence, or (at your option) any later version.
>
> fsf.org spells that Licence word as License. :)

Given this is a new file, simply use the SPF identifier on top.

Cheers,
Miguel
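
Review bot: The header comment at the top of the new security/lock_down.c states the licence only as free-text boilerplate ("either version 2 of the Licence, or (at your option) any later version") and carries no SPDX tag, so licence scanners have to match prose that also uses a nonstandard spelling of "License". For a new file, suggest making the first line `// SPDX-License-Identifier: GPL-2.0+`, which matches the "version 2 or any later version" wording, and dropping the boilerplate paragraph while keeping the copyright and author lines. Only the opening lines of the 65-line hunk are quoted in this message, so this comment does not cover the rest of the file.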