kexec_file: Restrict at runtime if the kernel is locked down
When KEXEC_VERIFY_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down unless IMA can be used
to validate the image.
This code was showed in Matthew's patch but not in git:
https://lkml.org/lkml/2015/3/13/778
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
cc: kexec@lists.infradead.org
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0008-kexec_file-Restrict-at-runtime-if-the-kernel-is-lock.patch
projects / linux.git / commit