Message-id: <2b20badc350112abc405751e67a7eaf3e3932358.1405428802.git.d.kasatkin@samsung.com>
Date:	Tue, 15 Jul 2014 15:54:20 +0300
From:	Dmitry Kasatkin <d.kasatkin@...sung.com>
To:	zohar@...ux.vnet.ibm.com, linux-ima-devel@...ts.sourceforge.net,
	linux-security-module@...r.kernel.org, akpm@...ux-foundation.org
Cc:	linux-kernel@...r.kernel.org, dhowells@...hat.com,
	dmitry.kasatkin@...il.com, Dmitry Kasatkin <d.kasatkin@...sung.com>
Subject: [PATCH v1 1/4] ima: provide hook to load IMA keys when rootfs is ready

Keys can only be loaded when rootfs is mounted. Initcalls
are not suitable for that. Provide a special hook.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@...sung.com>
---
 include/linux/ima.h | 9 +++++++++
 init/main.c         | 6 +++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 23a87a4..b617c1a 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -73,4 +73,13 @@ static inline int ima_inode_removexattr(struct dentry *dentry,
 	return 0;
 }
 #endif /* CONFIG_IMA_APPRAISE */
+
+#ifdef CONFIG_IMA_APPRAISE_SIGNED_INIT
+extern void __init ima_prepare_keys(void);
+#else
+static inline void ima_prepare_keys(void)
+{
+}
+#endif
+
 #endif /* _LINUX_IMA_H */
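
Review bot: the prototype in the `#ifdef CONFIG_IMA_APPRAISE_SIGNED_INIT` branch is declared `extern void __init ima_prepare_keys(void);` while the `static inline` stub carries no annotation, and neither has a comment stating the contract of the hook (when it is called and what must already be available). Suggest dropping `extern` and `__init` from the header prototype, since the section annotation belongs on the definition, and adding a short comment above the declaration that it is called once from init after rootfs is mounted. CONFIG_IMA_APPRAISE_SIGNED_INIT is also not added by this patch (the diffstat touches only include/linux/ima.h and init/main.c); if the symbol and the definition arrive in a later patch of the series, the changelog should say so, because with this patch alone only the empty stub is compiled.
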
diff --git a/init/main.c b/init/main.c
index e8ae1fe..b24cfaa 100644
--- a/init/main.c
+++ b/init/main.c
@@ -78,6 +78,7 @@
 #include <linux/context_tracking.h>
 #include <linux/random.h>
 #include <linux/list.h>
+#include <linux/ima.h>
 
 #include <asm/io.h>
 #include <asm/bugs.h>
@@ -1028,6 +1029,9 @@ static noinline void __init kernel_init_freeable(void)
 	 * initmem segments and start the user-mode stuff..
 	 */
 
-	/* rootfs is available now, try loading default modules */
+	/* rootfs is available now */
+	/* try loading public keys */
+	ima_prepare_keys();
+	/* try loading default modules */
 	load_default_modules();
 }
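
Review bot: `ima_prepare_keys()` returns void, so at the call site in kernel_init_freeable() a failure to load the keys cannot be seen or acted on, and `load_default_modules()` runs next regardless. Please state in the comment or the changelog what is expected to happen when the keys cannot be loaded (whether boot continues with appraisal failing closed), or have the hook return an int so the failure can at least be logged here. The placement before `load_default_modules()` looks deliberate, since that is the first step that reads from rootfs; the comment should say that the keys must be in place before then, rather than only "try loading public keys". Minor: the three consecutive one-line comments would read better as one block comment, and an IMA-specific call in init/main.c may be better expressed as a generic hook name if other users are expected.
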
-- 
1.9.1
