Menu
▾
▴
Re: [Linux-ima-user] Overriding executables with overlayfs
|
From: Kiviluoto, J. J <jaa...@in...> - 2016-11-15 10:07:10
|
> From: Patrick Ohly [mailto:pat...@in...] > Sent: Tuesday, November 15, 2016 12:01 PM > > On Tue, 2016-11-15 at 10:51 +0100, Patrick Ohly wrote: > > I don't know how well that'll work with the overlayfs. > > We had problems with it. See > https://github.com/ostroproject/ostro-os/blob/master/meta-ostro- > bsp/recipes-kernel/linux-yocto/linux-yocto/0001-ovl-setxattr-don-t- > deadlock-when-called-from-ima_fix.patch > and (found via some searching): > http://www.spinics.net/lists/linux-unionfs/msg00629.html > https://patchwork.kernel.org/patch/9376729/ Yes, Krisztian already pointed me to these. That is included in 4.8.3 and allows me to boot ok, but so far none of the merged updates to overlayfs or related bits seem to make it work properly with IMA. Jaakko |
