How are kexec() and friends handled at runtime? I remember kexec_file_load() being allowed, since it /could/ verify code sig, but not sure if that's across the board?
@ChaosDatumz see also BPF kprobe restrictions, e.g. https://lore.kernel.org/patchwork/patch/1055067/ …
-
-
-
Yup, the older kexec is blocked, file_load() is permitted and requires signatures
- Još 1 odgovor
Novi razgovor -
-
-
I owe you a beverage next time I see you
-
I think dhowells deserves more credit here
- Još 1 odgovor
Novi razgovor -
-
-
Thank you so much for getting this upstream. I'll probably pick those for experimental some time soon. (I already backported a select few onto the non-LSM version of lockdown that we have in unstable.)
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.