1. Patchew
  2. linux
  3. View series

[PATCH 0/4] LoadPin: Allow filesystem switch when not enforcing

Kees Cook posted 4 patches 2 years, 9 months ago 
security/loadpin/loadpin.c | 89 ++++++++++++++++++++++----------------
1 file changed, 52 insertions(+), 37 deletions(-)
[PATCH 0/4] LoadPin: Allow filesystem switch when not enforcing
Posted by Kees Cook 2 years, 9 months ago 
Hi,

Right now, LoadPin isn't much use on general purpose distros since modules
tend to be loaded from multiple filesystems at boot (first initramfs,
then real rootfs). Allow the potential mount pin to move when enforcement
is not enabled.

-Kees

Kees Cook (4):
  LoadPin: Refactor read-only check into a helper
  LoadPin: Refactor sysctl initialization
  LoadPin: Move pin reporting cleanly out of locking
  LoadPin: Allow filesystem switch when not enforcing

 security/loadpin/loadpin.c | 89 ++++++++++++++++++++++----------------
 1 file changed, 52 insertions(+), 37 deletions(-)

-- 
2.34.1
Re: [PATCH 0/4] LoadPin: Allow filesystem switch when not enforcing
Posted by Serge E. Hallyn 2 years, 9 months ago 
On Fri, Dec 09, 2022 at 11:57:41AM -0800, Kees Cook wrote:
> Hi,
> 
> Right now, LoadPin isn't much use on general purpose distros since modules
> tend to be loaded from multiple filesystems at boot (first initramfs,
> then real rootfs). Allow the potential mount pin to move when enforcement
> is not enabled.
> 
> -Kees

Reviewed-by: Serge Hallyn <serge@hallyn.com>

to the set, thanks.

> 
> Kees Cook (4):
>   LoadPin: Refactor read-only check into a helper
>   LoadPin: Refactor sysctl initialization
>   LoadPin: Move pin reporting cleanly out of locking
>   LoadPin: Allow filesystem switch when not enforcing
> 
>  security/loadpin/loadpin.c | 89 ++++++++++++++++++++++----------------
>  1 file changed, 52 insertions(+), 37 deletions(-)
> 
> -- 
> 2.34.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.