projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 664e798) | patch
ima: Write the policy filename into IMA's sysfs policy file (#4766)
authorStefan Berger <stefanb@us.ibm.com>
Tue, 29 Nov 2016 15:47:20 +0000 (10:47 -0500)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 29 Nov 2016 15:47:20 +0000 (10:47 -0500)
commite8e42b31c5a950a7b43d64f4a531ec59750e823e
tree13859dcc19a89f0c663b138fb8ccb83368dae99dtree | snapshot
parent664e7984f8a96c1962961fcc1ebe6bd4a0c58c5fcommit | diff
ima: Write the policy filename into IMA's sysfs policy file (#4766)

IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of copying the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.

This patch modifies the existing code to first attempt to write the
pathname, but on failure falls back to copying the IMA policy contents.
src/core/ima-setup.c diff | blob | history
Domain: System / System Framework;