On Sat, 19 Jul 2014, Kees Cook wrote:

[...]

> With the patch series, the LSM hook sees the userspace-touching loads:
> - from kernel built-in: no LSM hook (nonsense to check the static list)
> - direct from filesystem: called with file struct
> - via uevent /sys "loading"/"data" interface: called with NULL file struct
> - via uevent /sys "fd" interface: called with file struct

Thanks for the overview. Can we get this documented in the LSM code?

> The reason the "fd" interface was added was because otherwise there's
> no way for systems that use the uevent handler to communicate to the
> kernel where the bytes being shoved into the "data" interface are
> coming from.

Ok. I gather folks have also thought about signing firmware?

--
James Morris
<jmorris@xxxxxxxxx>