Merge branch 'for-Linus' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into for-linus
Pulled from Mimi's tree.
This commit is contained in:
commit
ade24c93ab
@ -139,6 +139,7 @@ void ima_delete_rules(void);
|
||||
/* Appraise integrity measurements */
|
||||
#define IMA_APPRAISE_ENFORCE 0x01
|
||||
#define IMA_APPRAISE_FIX 0x02
|
||||
#define IMA_APPRAISE_MODULES 0x04
|
||||
|
||||
#ifdef CONFIG_IMA_APPRAISE
|
||||
int ima_appraise_measurement(struct integrity_iint_cache *iint,
|
||||
|
@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check);
|
||||
*/
|
||||
int ima_module_check(struct file *file)
|
||||
{
|
||||
int rc;
|
||||
int rc = 0;
|
||||
|
||||
if (!file)
|
||||
rc = INTEGRITY_UNKNOWN;
|
||||
else
|
||||
if (!file) {
|
||||
if (ima_appraise & IMA_APPRAISE_MODULES) {
|
||||
#ifndef CONFIG_MODULE_SIG_FORCE
|
||||
rc = -EACCES; /* INTEGRITY_UNKNOWN */
|
||||
#endif
|
||||
}
|
||||
} else
|
||||
rc = process_measurement(file, file->f_dentry->d_name.name,
|
||||
MAY_EXEC, MODULE_CHECK);
|
||||
return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
|
||||
|
@ -523,7 +523,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
|
||||
}
|
||||
if (!result && (entry->action == UNKNOWN))
|
||||
result = -EINVAL;
|
||||
|
||||
else if (entry->func == MODULE_CHECK)
|
||||
ima_appraise |= IMA_APPRAISE_MODULES;
|
||||
audit_log_format(ab, "res=%d", !result);
|
||||
audit_log_end(ab);
|
||||
return result;
|
||||
|
Loading…
x
Reference in New Issue
Block a user