[PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments
James Morris
jmorris at namei.org
Thu Jun 13 19:10:48 UTC 2019
On Wed, 12 Jun 2019, Prakhar Srivastava wrote:
> This patch adds support in IMA to measure kexec cmdline args
> during soft reboot (kexec_file_load).
>
> - A new ima hook ima_kexec_cmdline is defined to be called by the
> kexec code.
> - A new function process_buffer_measurement is defined to measure
> the buffer hash into the ima log.
> - A new func policy KEXEC_CMDLINE is defined to control the
> measurement. [Suggested by Mimi]
>
> Signed-off-by: Prakhar Srivastava <prsriva02 at gmail.com>
> + struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> + struct ima_event_data event_data = {.iint = iint };
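Review bot: `tmp_iint` in the first added line is a stack object declared without an initializer, and `event_data` immediately takes a pointer to it through `iint`, so any member read before it is explicitly assigned would hold indeterminate stack contents on a path that feeds the measurement log. Zero-initialise it at the declaration instead of relying on code further down that is not visible in this excerpt, and drop the extra `*iint` alias so there is a single name for the object. A one-line comment saying that this is a temporary on-stack `integrity_iint_cache` rather than a cached entry would also help readers of the function.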

Minor nit: looks like this could be simplified to:

	struct integrity_iint_cache iint = {};
	struct ima_event_data event_data = {.iint = &iint };

which also saves the later memset. 'hash' can also be initialized with
'= {}'.

--
James Morris
<jmorris at namei.org>