Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Casey Schaufler
Date: Wed Feb 13 2013 - 20:34:20 EST

Next message: Kent Overstreet: "Re: [PATCH 2/2] aio: fix kioctx not being freed after cancellationat exit time"
Previous message: Kent Overstreet: "Re: [PATCH 1/2] aio: correct calculation of available events"
In reply to: Matthew Garrett: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: Paolo Bonzini: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/13/2013 5:04 PM, Matthew Garrett wrote:
> On Wed, 2013-02-13 at 16:44 -0800, Casey Schaufler wrote:
>
>> If you want that sort of granularity throw yourself on the SELinux
>> bandwagon. Fine grained capabilities are insane and unmanageable
>> and will only lead to tears. Security is despised because of the
>> notion that making systems impossible to use is a good thing.
> SELinux is completely unusable for this specific case.
>
Well, you'll get no argument from me there.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kent Overstreet: "Re: [PATCH 2/2] aio: fix kioctx not being freed after cancellationat exit time"
Previous message: Kent Overstreet: "Re: [PATCH 1/2] aio: correct calculation of available events"
In reply to: Matthew Garrett: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: Paolo Bonzini: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]