Re: [PATCH v6 7/8] module: replace the existing LSM hook in init_module

From: Kees Cook
Date: Sat Jul 14 2018 - 22:30:14 EST

Next message: Kees Cook: "Re: [PATCH v6 8/8] ima: based on policy warn about loading firmware (pre-allocated buffer)"
Previous message: Kees Cook: "Re: [PATCH v6 6/8] ima: add build time policy"
In reply to: Mimi Zohar: "[PATCH v6 7/8] module: replace the existing LSM hook in init_module"
Next in thread: Mimi Zohar: "[PATCH v6 8/8] ima: based on policy warn about loading firmware (pre-allocated buffer)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 13, 2018 at 11:06 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> Both the init_module and finit_module syscalls call either directly
> or indirectly the security_kernel_read_file LSM hook. This patch
> replaces the direct call in init_module with a call to the new
> security_kernel_load_data hook and makes the corresponding changes
> in SELinux, LoadPin, and IMA.
>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
> Cc: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
> Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Acked-by: Jessica Yu <jeyu@xxxxxxxxxx>
> Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

Thanks!

-Kees

--
Kees Cook
Pixel Security

Next message: Kees Cook: "Re: [PATCH v6 8/8] ima: based on policy warn about loading firmware (pre-allocated buffer)"
Previous message: Kees Cook: "Re: [PATCH v6 6/8] ima: add build time policy"
In reply to: Mimi Zohar: "[PATCH v6 7/8] module: replace the existing LSM hook in init_module"
Next in thread: Mimi Zohar: "[PATCH v6 8/8] ima: based on policy warn about loading firmware (pre-allocated buffer)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]