GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 07:12:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

ima: support new kernel module syscall

Browse source 
With the addition of the new kernel module syscall, which defines two
arguments - a file descriptor to the kernel module and a pointer to a NULL
terminated string of module arguments - it is now possible to measure and
appraise kernel modules like any other file on the file system.

This patch adds support to measure and appraise kernel modules in an
extensible and consistent manner.

To support filesystems without extended attribute support, additional
patches could pass the signature as the first parameter.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Mimi Zohar 2012-10-16 12:40:08 +10:30 committed by Rusty Russell
parent 1625cee56f
commit fdf90729e5
7 changed files with 41 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
security/security.c
View file

@ -822,7 +822,12 @@ int security_kernel_module_request(char *kmod_name)
int security_kernel_module_from_file(struct file *file)
{
return security_ops->kernel_module_from_file(file);
int ret;
ret = security_ops->kernel_module_from_file(file);
if (ret)
return ret;
return ima_module_check(file);
}
int security_task_fix_setuid(struct cred *new, const struct cred *old,