Date: Tue, 5 Jun 2018 08:25:42 -0500
From: "Serge E. Hallyn"
To: Kees Cook
Cc: "Serge E. Hallyn" , Mimi Zohar , Casey Schaufler , James Morris , Paul Moore , linux-integrity , linux-security-module , LKML , David Howells , "Luis R . Rodriguez" , Eric Biederman , Kexec Mailing List , Andres Rodriguez , Greg Kroah-Hartman , Ard Biesheuvel , Jessica Yu
Subject: Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures
Message-ID: <20180605132542.GA26722@mail.hallyn.com>
References: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> <1528121025.3237.116.camel@linux.vnet.ibm.com> <20180605040920.GA19747@mail.hallyn.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Quoting Kees Cook (keescook@chromium.org):
> On Mon, Jun 4, 2018 at 9:09 PM, Serge E. Hallyn wrote:
> > Personally I agree with Eric and prefer a new hook. I don't feel strongly
> > enough about it to keep bikeshedding, but since this set already exists,
> > it seems like the way to go.
>
> And the new hook is "load stuff without a file descriptor"?

Yes. Load stuff based on my own credentials not those attached to a file.