• Mimi Zohar's avatar
    ima: support new kernel module syscall · fdf90729
    Mimi Zohar authored
    With the addition of the new kernel module syscall, which defines two
    arguments - a file descriptor to the kernel module and a pointer to a NULL
    terminated string of module arguments - it is now possible to measure and
    appraise kernel modules like any other file on the file system.
    
    This patch adds support to measure and appraise kernel modules in an
    extensible and consistent manner.
    
    To support filesystems without extended attribute support, additional
    patches could pass the signature as the first parameter.
    Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
    Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
    fdf90729
ima_policy.c 15.8 KB