]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a2e69c3) | patch
ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 21 Dec 2012 13:34:21 +0000 (08:34 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Mon, 24 Dec 2012 14:35:48 +0000 (09:35 -0500)
commit2e4e899717d0cd167e1f8c8bb18642d4957e319b
tree67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2tree | snapshot
parenta2e69c3c0f994da1cd5fbfdb8a9cfdb38b9f1ed5commit | diff
ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall

The new kernel module syscall appraises kernel modules based
on policy.   If the IMA policy requires kernel module checking,
fallback to module signature enforcing for the existing syscall.
Without CONFIG_MODULE_SIG_FORCE enabled, the kernel module's
integrity is unknown, return -EACCES.

Changelog v1:
- Fix ima_module_check() return result (Tetsuo Handa)

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
security/integrity/ima/ima.h diff | blob | history
security/integrity/ima/ima_main.c diff | blob | history
security/integrity/ima/ima_policy.c diff | blob | history
Linux Kernel Source Tree.