linux_dsm_epyc7002/security/integrity
Mimi Zohar a7f2a366f6 ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall
The new kernel module syscall appraises kernel modules based
on policy.   If the IMA policy requires kernel module checking,
fallback to module signature enforcing for the existing syscall.
Without CONFIG_MODULE_SIG_FORCE enabled, the kernel module's
integrity is unknown, return -EACCES.

Changelog v1:
- Fix ima_module_check() return result (Tetsuo Handa)

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
2012-12-24 09:35:48 -05:00
..
evm Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-10-02 21:38:48 -07:00
ima ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall 2012-12-24 09:35:48 -05:00
digsig.c integrity: digital signature verification using multiple keyrings 2011-11-09 16:51:09 +02:00
iint.c ima: replace iint spinblock with rwlock/read_lock 2012-09-07 14:57:46 -04:00
integrity.h ima: change flags container data type 2012-09-19 08:55:20 -04:00
Kconfig integrity: digital signature config option name change 2012-01-18 10:46:27 +11:00
Makefile integrity: digital signature config option name change 2012-01-18 10:46:27 +11:00