17 Jul, 2018
1 commit
-
Both the init_module and finit_module syscalls call either directly
or indirectly the security_kernel_read_file LSM hook. This patch
replaces the direct call in init_module with a call to the new
security_kernel_load_data hook and makes the corresponding changes
in SELinux, LoadPin, and IMA.Signed-off-by: Mimi Zohar
Cc: Jeff Vander Stoep
Cc: Casey Schaufler
Cc: Kees Cook
Acked-by: Jessica Yu
Acked-by: Paul Moore
Acked-by: Kees Cook
Signed-off-by: James Morris
23 Feb, 2018
1 commit
-
Signed-off-by: Al Viro
06 Mar, 2017
1 commit
-
Mark all of the registration hooks as __ro_after_init (via the
__lsm_ro_after_init macro).Signed-off-by: James Morris
Acked-by: Stephen Smalley
Acked-by: Kees Cook
19 Jan, 2017
1 commit
-
I am still tired of having to find indirect ways to determine
what security modules are active on a system. I have added
/sys/kernel/security/lsm, which contains a comma separated
list of the active security modules. No more groping around
in /proc/filesystems or other clever hacks.Unchanged from previous versions except for being updated
to the latest security next branch.Signed-off-by: Casey Schaufler
Acked-by: John Johansen
Acked-by: Paul Moore
Acked-by: Kees Cook
Signed-off-by: James Morris
17 May, 2016
1 commit
-
Instead of being enabled by default when SECURITY_LOADPIN is selected,
provide an additional (default off) config to determine the boot time
behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains
available.Suggested-by: James Morris
Signed-off-by: Kees Cook
Signed-off-by: James Morris
21 Apr, 2016
1 commit
-
This LSM enforces that kernel-loaded files (modules, firmware, etc)
must all come from the same filesystem, with the expectation that
such a filesystem is backed by a read-only device such as dm-verity
or CDROM. This allows systems that have a verified and/or unchangeable
filesystem to enforce module and firmware loading restrictions without
needing to sign the files individually.Signed-off-by: Kees Cook
Acked-by: Serge Hallyn
Signed-off-by: James Morris