Re: [RFC PATCH] ima: require secure_boot rules in lockdown mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've added this into my series as the third patch, but:

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> +			ima_use_appraise_tcb = TRUE;

Did you mean "true" rather than "TRUE"?

> +			entry = kzalloc(sizeof(*entry), GFP_KERNEL);
> +			if (entry) {
> +				memcpy(entry, &secure_boot_rules[i],
> +				       sizeof(*entry));

kmemdup()?

I guess also that oopsing is okay if the allocation fails.  We've run out of
memory during early boot, after all.

> +				INIT_LIST_HEAD(&entry->list);
> +				list_add_tail(&entry->list, &ima_policy_rules);

Isn't the init redundant, given the following line?

David
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux