From: Matthew Garrett
Date: Mon, 25 Mar 2019 22:30:22 -0700
Subject: Re: [PATCH 01/27] Add the ability to lock down access to the running kernel image
To: James Morris
Cc: LSM List, Linux Kernel Mailing List, David Howells, James Morris
References: <20190325220954.29054-1-matthewgarrett@google.com> <20190325220954.29054-2-matthewgarrett@google.com>
In-Reply-To: <20190325220954.29054-2-matthewgarrett@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Based on Andy's feedback, I'm going to rework this slightly and re-send tomorrow.