On Mon, 2014-07-21 at 09:43 +1000, James Morris wrote:
> On Sat, 19 Jul 2014, Kees Cook wrote:
>
> [...]
>
> > With the patch series, the LSM hook sees the userspace-touching loads:
> > - from kernel built-in: no LSM hook (nonsense to check the static list)
> > - direct from filesystem: called with file struct
> > - via uevent /sys "loading"/"data" interface: called with NULL file struct
> > - via uevent /sys "fd" interface: called with file struct
>
> Thanks for the overview. Can we get this documented in the LSM code?
>
> > The reason the "fd" interface was added was because otherwise there's
> > no way for systems that use the uevent handler to communicate to the
> > kernel where the bytes being shoved into the "data" interface are
> > coming from.
>
> Ok.
>
> I gather folks have also thought about signing firmware?

From an IMA perspective, this would be the same as for any other file,
just a new hook.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html