Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: > This kernel_is_locked_down() check is being called for both the > original and new module_load syscalls. We need to be able > differentiate them. This is fine for the original syscall, but for > the new syscall we would need an additional IMA check - > !is_ima_appraise_enabled(). IMA can only be used with finit_module()? David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
