linux_dsm_epyc7002/security
Mimi Zohar a7f2a366f6 ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall
The new kernel module syscall appraises kernel modules based
on policy.   If the IMA policy requires kernel module checking,
fallback to module signature enforcing for the existing syscall.
Without CONFIG_MODULE_SIG_FORCE enabled, the kernel module's
integrity is unknown, return -EACCES.

Changelog v1:
- Fix ima_module_check() return result (Tetsuo Handa)

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
2012-12-24 09:35:48 -05:00
..
apparmor apparmor: fix IRQ stack overflow during free_profile 2012-10-25 02:12:50 +11:00
integrity ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall 2012-12-24 09:35:48 -05:00
keys keys: fix unreachable code 2012-12-20 17:40:21 -08:00
selinux bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB 2012-12-15 17:14:38 -08:00
smack Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-12-16 15:40:50 -08:00
tomoyo consitify do_mount() arguments 2012-10-11 20:02:04 -04:00
yama Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-12-17 15:44:47 -08:00
capability.c security: introduce kernel_module_from_file hook 2012-12-14 13:05:24 +10:30
commoncap.c Fix cap_capable to only allow owners in the parent user namespace to have caps. 2012-12-14 13:50:32 -08:00
device_cgroup.c cgroup: rename ->create/post_create/pre_destroy/destroy() to ->css_alloc/online/offline/free() 2012-11-19 08:13:38 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c ima: support new kernel module syscall 2012-12-14 13:05:26 +10:30