On Tue, Nov 24, 2020 at 12:04 PM KP Singh wrote:
>
> On Tue, Nov 24, 2020 at 5:02 AM Alexei Starovoitov
> wrote:
> >
> > On Fri, Nov 20, 2020 at 01:17:07PM +, KP Singh wrote:
> > > +
> > > +static bool bpf_ima_inode_hash_allowed(const struct bpf_prog *prog)
> > > +{
> > > + return
On Tue, Nov 24, 2020 at 5:02 AM Alexei Starovoitov
wrote:
>
> On Fri, Nov 20, 2020 at 01:17:07PM +, KP Singh wrote:
> > +
> > +static bool bpf_ima_inode_hash_allowed(const struct bpf_prog *prog)
> > +{
> > + return bpf_lsm_is_sleepable_hook(prog->aux->attach_btf_id);
> > +}
> > +
> >
On Fri, Nov 20, 2020 at 01:17:07PM +, KP Singh wrote:
> +
> +static bool bpf_ima_inode_hash_allowed(const struct bpf_prog *prog)
> +{
> + return bpf_lsm_is_sleepable_hook(prog->aux->attach_btf_id);
> +}
> +
> +BTF_ID_LIST_SINGLE(bpf_ima_inode_hash_btf_ids, struct, inode)
> +
> +const
[...]
> > + * long bpf_ima_inode_hash(struct inode *inode, void *dst, u32 size)
> > + * Description
> > + * Returns the stored IMA hash of the *inode* (if it's
> > avaialable).
> > + * If the hash is larger than *size*, then only *size*
> > + * bytes will be
On 11/20/20 5:17 AM, KP Singh wrote:
From: KP Singh
Provide a wrapper function to get the IMA hash of an inode. This helper
is useful in fingerprinting files (e.g executables on execution) and
using these fingerprints in detections like an executable unlinking
itself.
Since the
From: KP Singh
Provide a wrapper function to get the IMA hash of an inode. This helper
is useful in fingerprinting files (e.g executables on execution) and
using these fingerprints in detections like an executable unlinking
itself.
Since the ima_inode_hash can sleep, it's only allowed for
6 matches
Mail list logo
