]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9768919) | patch
bpf: Add a BPF helper for getting the IMA hash of an inode
authorKP Singh <kpsingh@google.com>
Tue, 24 Nov 2020 15:12:09 +0000 (15:12 +0000)
committerDaniel Borkmann <daniel@iogearbox.net>
Wed, 25 Nov 2020 23:04:04 +0000 (00:04 +0100)
commit42f1568ba4cce12a64d4d8ad679b59adf0d1bb3c
tree04cce21fa652d2576937ea9e0b8c6378c7d96062tree | snapshot
parent97689194ae6dc2a98f5de888cf36000dcbda1b79commit | diff
bpf: Add a BPF helper for getting the IMA hash of an inode

Provide a wrapper function to get the IMA hash of an inode. This helper
is useful in fingerprinting files (e.g executables on execution) and
using these fingerprints in detections like an executable unlinking
itself.

Since the ima_inode_hash can sleep, it's only allowed for sleepable
LSM hooks.

Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20201124151210.1081188-3-kpsingh@chromium.org
include/uapi/linux/bpf.h diff | blob | history
kernel/bpf/bpf_lsm.c diff | blob | history
scripts/bpf_helpers_doc.py diff | blob | history
tools/include/uapi/linux/bpf.h diff | blob | history
Linux Kernel Source Tree.