On Wed, 2012-10-24 at 13:19 -0400, Vivek Goyal wrote:
On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote:
Matthew Garrett m...@redhat.com writes:
On Tue, Oct 23, 2012 at 10:59:20AM -0400, Vivek Goyal wrote:
But what about creation of a new program which can call
On Wed, 2012-10-24 at 13:36 -0400, Vivek Goyal wrote:
On Tue, Oct 23, 2012 at 09:19:27AM -0700, Eric W. Biederman wrote:
Vivek Goyal vgo...@redhat.com writes:
On Tue, Oct 23, 2012 at 09:18:54AM -0400, Vivek Goyal wrote:
[..]
There are 3 options for trusting /sbin/kexec. There
On Thu, 2012-10-25 at 10:10 -0400, Vivek Goyal wrote:
On Thu, Oct 25, 2012 at 02:10:01AM -0400, Mimi Zohar wrote:
[..]
IMA-appraisal verifies the integrity of file data, while EVM verifies
the integrity of the file metadata, such as LSM and IMA-appraisal
labels. Both 'security.ima
On Thu, 2012-10-25 at 09:54 -0400, Vivek Goyal wrote:
On Thu, Oct 25, 2012 at 01:43:59AM -0400, Mimi Zohar wrote:
On Wed, 2012-10-24 at 13:19 -0400, Vivek Goyal wrote:
On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote:
Matthew Garrett m...@redhat.com writes
On Thu, 2012-10-25 at 14:55 -0400, Vivek Goyal wrote:
On Thu, Oct 25, 2012 at 02:40:21PM -0400, Mimi Zohar wrote:
On Thu, 2012-10-25 at 10:10 -0400, Vivek Goyal wrote:
On Thu, Oct 25, 2012 at 02:10:01AM -0400, Mimi Zohar wrote:
[..]
IMA-appraisal verifies the integrity of file
On Fri, 2012-10-26 at 03:39 +0100, Matthew Garrett wrote:
On Thu, Oct 25, 2012 at 09:15:58PM -0400, Mimi Zohar wrote:
On a running system, the package installer, after verifying the package
integrity, would install each file with the associated 'security.ima'
extended attribute
On Fri, 2012-10-26 at 19:19 +0100, Matthew Garrett wrote:
On Fri, Oct 26, 2012 at 01:59:34PM -0400, Mimi Zohar wrote:
On Fri, 2012-10-26 at 03:39 +0100, Matthew Garrett wrote:
and it must be impossible for anything other than
/sbin/kexec to make the kexec system call.
Permission
On Thu, 2012-11-08 at 14:40 -0500, Vivek Goyal wrote:
On Tue, Nov 06, 2012 at 03:51:59PM -0800, Eric W. Biederman wrote:
[..]
Thnking more about executable signature verification, I have another question.
While verifyign the signature, we will have to read the whole executable
in
On Wed, 2012-11-14 at 21:09 -0800, Eric W. Biederman wrote:
Vivek Goyal vgo...@redhat.com writes:
On Thu, Nov 08, 2012 at 01:03:17PM -0800, Eric W. Biederman wrote:
Vivek Goyal vgo...@redhat.com writes:
On Thu, Nov 08, 2012 at 02:40:50PM -0500, Vivek Goyal wrote:
On Tue, Nov 06,
On Wed, 2013-03-20 at 18:12 +, Matthew Garrett wrote:
On Wed, 2013-03-20 at 14:01 -0400, Mimi Zohar wrote:
Sorry, I'm not sure to which work you're referring. If you're referring
to Dmitry's initramfs with digital signature protection patches, then
we're speaking about enforcing
On Tue, 2013-09-10 at 17:44 -0400, Vivek Goyal wrote:
Currently digital signature verification code assumes that it can be
used only with 3 keyrings. IMA, EVM and MODULE keyring. Provide another
variant where one can pass in a pointer to keyring (struct key *), and
integrity code can try to
the
security_kernel_module_from_file() function.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 4 +++
include/linux/ima.h | 1 +
include/linux/lsm_hooks.h | 8 +
include/linux/security.h | 3 +-
kernel/mo
the
security_kernel_fw_from_file() function.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
drivers/base/firmware_class.c | 51 +--
include/linux/ima.h | 6 -
include/linux/security.h | 8 +-
security/integrity/ima/ima_main.
with the corresponding security post-read hook and
function.
Changelog:
- Add missing
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 56 +++
include/linux/fs.h| 1 +
include/linux/lsm_hooks.
st version of these patches can be found
in the next-kernel-read branch of:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
Mimi Zohar (5):
vfs: define a generic function to read a file from the kernel
firmware: replace call to fw_read_file_contents() with kernel version
kexec: re
This patch defines kernel_read_file_from_fd(), a wrapper for the VFS
common kernel_read_file(), and replaces the kexec copy_file_from_fd()
calls with the kernel_read_file_from_fd() wrapper.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 15 +++
i
This patch defines kernel_read_file_from_path(), a wrapper for the VFS
common kernel_read_file(), and replaces the integrity_read_file() with
a call to the kernel_read_file_from_path() wrapper.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c
On Fri, 2016-01-08 at 12:24 -0800, Kees Cook wrote:
> On Fri, Jan 8, 2016 at 11:22 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > In order to measure and appraise files being read by the kernel,
> > new module and kexec syscalls were defined which include a file
> >
On Fri, 2016-01-08 at 14:21 -0500, Mimi Zohar wrote:
> For a while it was looked down upon to directly read files from Linux.
> These days there exists a few mechanisms in the kernel that do just this
> though to load a file into a local buffer. There are minor but important
> checks
On Fri, 2016-01-08 at 12:26 -0800, Kees Cook wrote:
> On Fri, Jan 8, 2016 at 11:22 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > Replace fw_read_file_contents() for reading a file with the common VFS
> > kernel_read_file() function. Call the existing firmware s
On Fri, 2015-12-25 at 13:33 +0800, Dave Young wrote:
> Hi, Mimi
>
> CCing kexec list, not all kexec people subscribed to IMA list.
> I just subscribed to it since Vivek CCed me last time about the V1 of this
> series.
Thanks!
> On 12/23/15 at 06:55pm, Mimi Zohar wrote:
>
On Mon, 2015-12-28 at 16:29 +0200, Petko Manolov wrote:
> On 15-12-28 07:51:15, Mimi Zohar wrote:
> > On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote:
> > > On 12/25/15 at 09:45am, Mimi Zohar wrote:
> > > > IMA calculates the file hash, in this case, based
On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote:
> On 12/25/15 at 09:45am, Mimi Zohar wrote:
> > IMA calculates the file hash, in this case, based on the buffer
> > contents. The hash is calculated once and used for both measurement
> > and appraisal. If the file inte
On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote:
> On 12/25/15 at 09:45am, Mimi Zohar wrote:
> > IMA calculates the file hash, in this case, based on the buffer
> > contents. The hash is calculated once and used for both measurement
> > and appraisal. If the file inte
On Mon, 2015-12-28 at 16:59 +0200, Petko Manolov wrote:
> On 15-12-28 09:42:22, Mimi Zohar wrote:
> > On Mon, 2015-12-28 at 16:29 +0200, Petko Manolov wrote:
> > >
> > > I kind of wonder isn't it possible to optimize the file read? If the
> > > file
> &
On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote:
> Hi, Mimi
>
> On 12/28/15 at 07:51am, Mimi Zohar wrote:
> > On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote:
> > > On 12/25/15 at 09:45am, Mimi Zohar wrote:
> > > > IMA calculates the file has
On Tue, 2015-12-29 at 07:06 -0500, Mimi Zohar wrote:
> On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote:
> This policy flexibility is needed at least until all files come from
> software providers with file signatures. (RPM has been modified to
> include file signatures.) Even th
This patch defines the buffer identifier "KEXEC_CMDLINE_CHECK" for
measuring the boot command line.
eg: echo -n -e `cat /proc/cmdline | sed 's/^.*root=/root=/'` | sha256sum
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
Documentation/ABI/testing/ima_policy | 1 +
inc
, buffer length and a buffer identifier.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
include/linux/ima.h | 11 +
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima.h| 2 +
security/integrity/ima/ima_buffer.
to measure the kexec boot command
line, while the latter could be used for including asymmetric key id
information.
Mimi Zohar (3):
ima: measure other types of data
kexec: measure boot command line
ima: add pre-calculated measurements (experimental)
Documentation/ABI/testing/ima_policy | 1
Hi Dave,
On Wed, 2016-06-22 at 09:20 +0800, Dave Young wrote:
> On 06/20/16 at 10:44pm, Thiago Jung Bauermann wrote:
> > Hello,
> >
> > This patch series implements a mechanism which allows the kernel to pass on
> > a buffer to the kernel that will be kexec'd. This buffer is passed as a
> >
This patch defines a new IMA hook named ima_add_measurement_check()
for including pre-calculated measurements in the IMA measurement list.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
Documentation/ABI/testing/ima_policy | 2 +-
include/linux/ima.h
From: Dmitry Kasatkin <d.kasat...@samsung.com>
This patch provides convenient buffer hash calculation function.
Changelog:
- rewrite to support loff_t sized buffers - Mimi
(based on Fenguang Wu's testing)
Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com>
Signed-off-by: Mi
Setting up ahash has some overhead. Only use ahash to calculate the
hash of a buffer, if the buffer is larger than ima_ahash_minsize.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_crypto.c | 75 -
1 file chang
h algo to the ima_collect_measurement().
Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 15 +++
security/integrity/ima/ima_api.c | 15 +++
secu
path() (Mimi)
Changelog v2:
- Patch description re-written by Luis R. Rodriguez
Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 21
include/linux/fs.h |
- Instead of ima_read_and_process_file() allocating memory, the caller
allocates and frees the memory.
- Moved the kexec measurement/appraisal call to copy_file_from_fd(). The
same call now measures and appraises both the kexec image and initramfs.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
Documenta
the
security_kernel_module_from_file() function.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 4 +++
include/linux/ima.h | 1 +
include/linux/lsm_hooks.h | 8 +
include/linux/security.h | 3 +-
kernel/mo
tains just the IMA changes. The
kexec and initramfs changes are with the rest of the kexec changes
in "kexec: replace call to copy_file_from_fd() with kernel version".
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c |
into memory.
This patch retains the kernel_fw_from_file() hook, which is called from
security_kernel_post_read_file(), but removes the
sercurity_kernel_fw_from_file() function.
Changelog:
- reordered and squashed firmware patches
- fix MAX firmware size (Kees Cook)
Signed-off-by: Mimi Zohar <
[1] Taken from Luis Rodriguez's wiki -
http://kernelnewbies.org/KernelProjects/common-kernel-loader
Mimi
Dmitry Kasatkin (3):
ima: separate 'security.ima' reading functionality from collect
ima: provide buffer hash calculation function
ima: load policy using path
Mimi Zohar (8):
vfs: defin
some of these differences.
This patch introduces a common function for reading files from the kernel
with the corresponding security post-read hook and function.
Changelog v1:
- To simplify patch review, re-ordered patches
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/
Require the IMA policy to be signed when additional rules can be added.
Changelog v2:
- add union name "hooks" to fix sparse warning
v1:
- initialize the policy flag
- include IMA_APPRAISE_POLICY in the policy flag
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
securi
This patch adds support for measuring and appraising the IMA policy
itself.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h| 1 +
security/integrity/ima/ima_fs.c | 9 -
security/integrity/ima/ima_policy.c | 14 --
3
On Mon, 2016-02-08 at 10:45 +, Dmitry Kasatkin wrote:
> > > @@ -286,9 +322,12 @@ static ssize_t ima_write_policy(struct file *file,
> > > const char __user *buf,
> > > result = mutex_lock_interruptible(_write_mutex);
> > > if (result < 0)
> > > goto out_free;
> > >
On Thu, 2016-02-04 at 20:56 +0100, Luis R. Rodriguez wrote:
> On Wed, Feb 03, 2016 at 02:06:24PM -0500, Mimi Zohar wrote:
> > Replace copy_module_from_fd() with kernel_read_file_from_fd().
> >
> > Although none of the upstreamed LSMs define a kernel_module_from_file
> >
On Thu, 2016-02-04 at 10:15 -0800, Kees Cook wrote:
> On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > For a while it was looked down upon to directly read files from Linux.
> > These days there exists a few mechanisms in the kernel that do
;keesc...@chromium.org>
> > Cc: Josh Boyer <jwbo...@fedoraproject.org>
> > Cc: David Howells <dhowe...@redhat.com>
> > Cc: Luis R. Rodriguez <mcg...@kernel.org>
> > Cc: Mimi Zohar <zo...@linux.vnet.ibm.com>
>
> Thanks,
>
> Acked-by: Luis
.
Changelog v3:
- Replace the IMA specific enumeration with a generic one.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Kees Cook <keesc...@chromium.org>
Acked-by: Luis R. Rodriguez <mcg...@kernel.org>
Cc: Al Viro <v...@zeniv.linux.org.uk>
---
fs/ex
ash calculation function
ima: load policy using path
Kees Cook (1):
firmware: clean up filesystem load exit path
Luis R. Rodriguez (2):
firmware: simplify dev_*() print messages for generic helpers
firmware: move completing fw into a helper
Mimi Zohar (14):
vfs: define a generic function
satkin <dmitry.kasat...@huawei.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_crypto.c | 47 +
2 files changed, 49 insertions(+)
diff --git a/security/integrity/ima/ima.h b/
Setting up ahash has some overhead. Only use ahash to calculate the
hash of a buffer, if the buffer is larger than ima_ahash_minsize.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
security/integrity/ima/ima_c
, moving copy_file_from_fd() to a separate patch
- split patch, moving IMA changes to a separate patch
v0:
- use kstat file size type loff_t, not size_t
- Calculate the file hash from the in memory buffer - Dave Young
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Kees Cook
some of these differences.
This patch introduces a common function for reading files from the kernel
with the corresponding security post-read hook and function.
Changelog v3:
- additional bounds checking - Luis
v2:
- To simplify patch review, re-ordered patches
Signed-off-by: Mimi Zohar <
ima_hash_and_process_file() to ima_post_read_file()
v1:
- split patch
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
include/linux/ima.h | 8 +++
include/linux/security.h | 1 +
security/integri
:
- replaced switch statement with a kernel_read_file_id to an ima_hooks
id mapping array - Dmitry
- renamed ima_hook tokens KEXEC_CHECK and INITRAMFS_CHECK to
KEXEC_KERNEL_CHECK and KEXEC_INITRAMFS_CHECK respectively - Dave Young
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by:
uk>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 16
include/linux/fs.h | 2 ++
2 files changed, 18 insertions(+)
diff --git a/fs/exec.c b/fs/exec.c
index 78dfdf3..604f669 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -910,6 +910,22 @@ int kernel_
This patch defines kernel_read_file_from_path(), a wrapper for the VFS
common kernel_read_file().
Changelog:
- Separated from the IMA patch
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Kees Cook <keesc...@chromium.org>
Acked-by: Luis R. Rodriguez <mcg...@kernel.o
module
twice, once for measuring/appraising and again for loading the kernel
module, the signature validation is moved to the kernel_post_read_file()
security hook.
This patch removes the security_kernel_module_from_file() hook and security
call.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.
The kernel_read_file security hook is called prior to reading the file
into memory.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Kees Cook <keesc...@chromium.org>
Acked-by: Luis R. Rodriguez <mcg...@kernel.org>
Acked-by: Casey Schaufler <ca...@schaufler-c
simplifies adding support for other files read by the kernel.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip-labs.com>
Acked-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
security/integrity/iint.c | 4 ++--
security/i
v3:
- moved kernel_read_file_from_path() to a separate patch
v2:
- after re-ordering the patches, replace calling integrity_kernel_read()
to read the file with kernel_read_file_from_path() (Mimi)
- Patch description re-written by Luis R. Rodriguez
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
S
Require the IMA policy to be signed when additional rules can be added.
v1:
- initialize the policy flag
- include IMA_APPRAISE_POLICY in the policy flag
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip-labs.com>
Acked-by: Dmitry Kasatkin &
kernel_fw_from_file() hook and security call.
Changelog v3:
- remove kernel_fw_from_file hook
- use kernel_file_read_from_path() - requested by Luis
v2:
- reordered and squashed firmware patches
- fix MAX firmware size (Kees Cook)
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Kees Cook
From: "Luis R. Rodriguez" <mcg...@kernel.org>
This will be re-used later through a new extensible interface.
Reviewed-by: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: Luis R. Rodriguez <mcg...@kernel.org>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.
Add support for measuring and appraising the IMA policy itself.
Changelog v4:
- use braces on both if/else branches, even if single line on one of the
branches - Dmitry
- Use the id mapping - Dmitry
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: Petko Manolov <pet...@mip
com>
Acked-by: Luis R. Rodriguez <mcg...@kernel.org>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
drivers/base/firmware_class.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_c
chaufler <ca...@schaufler-ca.com>
Cc: Ming Lei <ming@canonical.com>
Cc: Takashi Iwai <ti...@suse.de>
Cc: Vojtěch Pavlík <vojt...@suse.cz>
Cc: Kyle McMartin <k...@kernel.org>
Cc: Matthew Garrett <mj...@srcf.ucam.org>
Cc: linux-ker...@vger.kernel.org
On Thu, 2016-02-11 at 08:54 -0800, Casey Schaufler wrote:
> On 2/3/2016 11:06 AM, Mimi Zohar wrote:
> > The kernel_read_file security hook is called prior to reading the file
> > into memory.
> >
> > Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
&
On Thu, 2016-02-11 at 10:47 +0200, Dmitry Kasatkin wrote:
> On Thu, Feb 11, 2016 at 4:08 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> static int idmap[] = {
> [READING_FIRMWARE] = FIRMWARE_CHECK,
> [READING_MODULE] = MODULE_CHECK,
> ...
&g
On Sun, 2016-02-07 at 22:10 +0200, Petko Manolov wrote:
> On 16-02-03 14:06:27, Mimi Zohar wrote:
> > Option 3: incorportate the ima_hooks enumeration into kernel_read_file_id,
> > perhaps changing the enumeration name.
> >
> > For now, duplicate the new RE
chaufler <ca...@schaufler-ca.com>
Cc: Ming Lei <ming@canonical.com>
Cc: Takashi Iwai <ti...@suse.de>
Cc: Vojtěch Pavlík <vojt...@suse.cz>
Cc: Kyle McMartin <k...@kernel.org>
Cc: Matthew Garrett <mj...@srcf.ucam.org>
Cc: linux-ker...@vger.kernel.org
some of these differences.
This patch introduces a common function for reading files from the kernel
with the corresponding security post-read hook and function.
Changelog v3:
- additional bounds checking - Luis
v2:
- To simplify patch review, re-ordered patches
Signed-off-by: Mimi Zohar <
This patch defines kernel_read_file_from_path(), a wrapper for the VFS
common kernel_read_file().
Changelog:
- Separated from the IMA patch
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 22 ++
include/linux/fs.h | 2 ++
2 files chang
This patch defines kernel_read_file_from_fd(), a wrapper for the VFS
common kernel_read_file().
Changelog:
- Separated from the kernel modules patch
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 16
include/linux/fs.h | 2 ++
2 files chang
satkin <dmitry.kasat...@huawei.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_crypto.c | 47 +
2 files changed, 49 insertions(+)
diff --git a/security/integrity/ima/ima.h b/
From: "Luis R. Rodriguez" <mcg...@kernel.org>
This will be re-used later through a new extensible interface.
Reviewed-by: Josh Boyer <jwbo...@fedoraproject.org>
Signed-off-by: Luis R. Rodriguez <mcg...@kernel.org>
Signed-off-by: Mimi Zohar <zo...@linux.
implify dev_*() print messages for generic helpers
firmware: move completing fw into a helper
Mimi Zohar (16):
ima: refactor ima_policy_show() to display "ima_hooks" rules
ima: use "ima_hooks" enum as function argument
vfs: define a generic function to read a file
.
Changelog v3:
- Replace the IMA specific enumeration with a generic one.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 4 ++--
include/linux/fs.h| 7 ++-
include/linux/lsm_hooks.h | 4 +++-
include/linux/security.h | 7 +--
se
h algo to the ima_collect_measurement().
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 15 +++
security/integrity/ima/ima_api.c | 15 +++
secu
ocess_file() allocating memory, the caller
allocates and frees the memory.
- Moved the kexec measurement/appraisal call to copy_file_from_fd(). The
same call now measures and appraises both the kexec image and initramfs.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
include/linux/fs.h
Add support for measuring and appraising the IMA policy itself.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_fs.c | 9 -
security/integrity/ima/ima_main.c | 3 +++
security/integri
Luis R. Rodriguez <mcg...@kernel.org>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
drivers/base/firmware_class.c | 16 +++-
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index fb64814..c65
module
twice, once for measuring/appraising and again for loading the kernel
module, the signature validation is moved to the kernel_post_read_file()
security hook.
This patch removes the security_kernel_module_from_file() hook and security
call.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.
The kernel_read_file security hook is called prior to reading the file
into memory.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
fs/exec.c | 4
include/linux/ima.h | 6 ++
include/linux/lsm_hooks.h | 8
include
{
enum ima_hooks func_id;
enum kernel_read_file_id read_id;
};
};
Option 3: incorportate the ima_hooks enumeration into kernel_read_file_id,
perhaps changing the enumeration name.
For now, duplicate the new READING_KEXEC_IMAGE/INITRAMFS in ima_hooks.
Signed-off-by: Mimi
v3:
- moved kernel_read_file_from_path() to a separate patch
v2:
- after re-ordering the patches, replace calling integrity_kernel_read()
to read the file with kernel_read_file_from_path() (Mimi)
- Patch description re-written by Luis R. Rodriguez
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
S
Require the IMA policy to be signed when additional rules can be added.
v1:
- initialize the policy flag
- include IMA_APPRAISE_POLICY in the policy flag
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_policy.c | 7 +++
1 file changed, 7 inse
Cleanup the function arguments by using "ima_hooks" enumerator as needed.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 25 +
security/integrity/ima/ima_api.c | 6 +++---
security/integrity/ima/ima
kernel_fw_from_file() hook and security call.
Changelog v3:
- remove kernel_fw_from_file hook
- use kernel_file_read_from_path() - requested by Luis
v2:
- reordered and squashed firmware patches
- fix MAX firmware size (Kees Cook)
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
driver
Define and call a function to display the "ima_hooks" rules.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_policy.c | 63 +
1 file changed, 36 insertions(+), 27 deletions(-)
diff --git a/securi
simplifies adding support for other files read by the kernel.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/iint.c | 4 ++--
security/integrity/ima/ima.h | 3 ++-
security/integrity/ima/ima_appraise.
Setting up ahash has some overhead. Only use ahash to calculate the
hash of a buffer, if the buffer is larger than ima_ahash_minsize.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_crypto.c | 75 -
1 file chang
the kexec changes
in "kexec: replace call to copy_file_from_fd() with kernel version".
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
include/linux/ima.h | 8 +++
include/linux/security.h | 1 +
security/integrity/ima/ima.h
On Wed, 2016-01-20 at 15:56 -0800, Luis R. Rodriguez wrote:
> On Wed, Jan 20, 2016 at 3:39 PM, Luis R. Rodriguez wrote:
> >> @@ -350,13 +321,18 @@ static int fw_get_filesystem_firmware(struct device
> >> *device,
> >> file = filp_open(path, O_RDONLY, 0);
> >>
On Tue, 2016-01-19 at 16:10 -0800, Kees Cook wrote:
> On Mon, Jan 18, 2016 at 7:11 AM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > Replace fw_read_file_contents() for reading a file with the common VFS
> > kernel_read_file() function. A benefit of calling kernel_re
On Tue, 2016-01-19 at 21:26 +0200, Dmitry Kasatkin wrote:
> On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > From: Dmitry Kasatkin <d.kasat...@samsung.com>
> >
> > This patch provides convenient buffer hash calculation function.
On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote:
> Hi Mimi,
>
> Please change
>
> Signed-off-by: Dmitry Kasatkin
I'll make the change here and in the other patches as well.
Mimi
___
kexec mailing list
On Wed, 2016-01-20 at 02:09 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:17AM -0500, Mimi Zohar wrote:
> > diff --git a/fs/exec.c b/fs/exec.c
> > index b06623a..6d623c2 100644
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -831,6 +832,58 @@
On Thu, 2016-01-21 at 01:05 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote:
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -903,6 +903,27 @@ out:
> > return ret;
> > }
> >
> > +int kernel_read_file_f
1 - 100 of 436 matches
Mail list logo