summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2012-10-16 12:40:08 +1030
committerRusty Russell <rusty@rustcorp.com.au>2012-12-14 13:05:26 +1030
commitfdf90729e57812cb12d7938e2dee7c71e875fb08 (patch)
tree0ec17c765406dedc37ac278823d50587d53d1525 /security/security.c
parent1625cee56f8e6193b5a0809a414dfa395bd9cf1e (diff)
ima: support new kernel module syscall
With the addition of the new kernel module syscall, which defines two arguments - a file descriptor to the kernel module and a pointer to a NULL terminated string of module arguments - it is now possible to measure and appraise kernel modules like any other file on the file system. This patch adds support to measure and appraise kernel modules in an extensible and consistent manner. To support filesystems without extended attribute support, additional patches could pass the signature as the first parameter. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c
index ce88630de15d..daa97f4ac9d1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -822,7 +822,12 @@ int security_kernel_module_request(char *kmod_name)
int security_kernel_module_from_file(struct file *file)
{
- return security_ops->kernel_module_from_file(file);
+ int ret;
+
+ ret = security_ops->kernel_module_from_file(file);
+ if (ret)
+ return ret;
+ return ima_module_check(file);
}
int security_task_fix_setuid(struct cred *new, const struct cred *old,