* [Bug translator/25579] New: detect kernel lockdown/secureboot in effect
@ 2020-02-19 20:21 fche at redhat dot com
2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: fche at redhat dot com @ 2020-02-19 20:21 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=25579
Bug ID: 25579
Summary: detect kernel lockdown/secureboot in effect
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
Assignee: systemtap at sourceware dot org
Reporter: fche at redhat dot com
Target Milestone: ---
https://bugzilla.redhat.com/show_bug.cgi?id=1638874 indicates modern kernels
activate a lockdown mode for kernels running under secureboot-enforcing mode,
which may prevent normal stap modules from loading/running. Once the kernel
exposes this state to unprivileged stap, we'll need to adopt the translator to
invoke the secureboot-signing mode implicitly. This logic is in the
systemtap_session::modules_must_be_signed() function.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect
2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com
@ 2020-02-19 21:10 ` fche at redhat dot com
2020-04-16 20:28 ` fche at redhat dot com
2020-05-13 0:08 ` fche at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fche at redhat dot com @ 2020-02-19 21:10 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=25579
Frank Ch. Eigler <fche at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |25580
Referenced Bugs:
https://sourceware.org/bugzilla/show_bug.cgi?id=25580
[Bug 25580] lp tracker
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect
2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com
2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com
@ 2020-04-16 20:28 ` fche at redhat dot com
2020-05-13 0:08 ` fche at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fche at redhat dot com @ 2020-04-16 20:28 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=25579
--- Comment #1 from Frank Ch. Eigler <fche at redhat dot com> ---
until the kernel exposes that info, here is how it can be found as of 5.5ish:
# sudo cat /sys/kernel/security/lockdown
[none] integrity confidentiality
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect
2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com
2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com
2020-04-16 20:28 ` fche at redhat dot com
@ 2020-05-13 0:08 ` fche at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fche at redhat dot com @ 2020-05-13 0:08 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=25579
Frank Ch. Eigler <fche at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #2 from Frank Ch. Eigler <fche at redhat dot com> ---
commit bef690b0e502
The kernel-side procfs file is not yet world-readable, but will be.
This is still useful for # sudo stap ... type use cases.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-13 0:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com
2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com
2020-04-16 20:28 ` fche at redhat dot com
2020-05-13 0:08 ` fche at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).