On Jan 15, 2024 Roberto Sassu <[email protected]> wrote: > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the path_post_mknod hook. > > IMA-appraisal requires all existing files in policy to have a file > hash/signature stored in security.ima. An exception is made for empty files > created by mknod, by tagging them as new files. > > LSMs could also take some action after files are created. > > The new hook cannot return an error and cannot cause the operation to be > reverted. > > Signed-off-by: Roberto Sassu <[email protected]> > Acked-by: Casey Schaufler <[email protected]> > Reviewed-by: Mimi Zohar <[email protected]> > --- > fs/namei.c | 5 +++++ > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 5 +++++ > security/security.c | 14 ++++++++++++++ > 4 files changed, 26 insertions(+)
Acked-by: Paul Moore <[email protected]> -- paul-moore.com
