Kernel panic at Ubuntu: IMA + Apparmor
Dmitry Kasatkin
dmitry.kasatkin at gmail.com
Sat Apr 26 08:58:45 UTC 2014
On 26 April 2014 01:38, Eric W. Biederman <ebiederm at xmission.com> wrote:
> Dmitry Kasatkin <dmitry.kasatkin at gmail.com> writes:
>
>> Is it really a show stopper to switch order of 2 functions as quick fix?
>> It was like that before 3.10 and seemed ok...
>
> When that is the question. The answer is yes it is a show stopper.
>
> A quick fix to bury a fundamental design flaw because the code
> previously seemed ok. That seems fundamentally wrong.
>
> Having IMA conflict with Apparmor in Kconfig would be a sensible quick
> fix.
>
> Eric
Conflict with Apparmor means with Ubuntu.
But answering to your early question..
IMA does not want permission denied when measuring and re-measuring files.
may_open() is doing that job before.
We need quickly introduce kernel_read without LSM checks...
--
Thanks,
Dmitry
More information about the kernel-team
mailing list