[PATCH bpf-next v2 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

Yonghong Song yhs at fb.com
Sat Nov 21 06:54:27 UTC 2020



On 11/20/20 4:50 PM, KP Singh wrote:
> From: KP Singh <kpsingh at google.com>
> 
> Provide a wrapper function to get the IMA hash of an inode. This helper
> is useful in fingerprinting files (e.g executables on execution) and
> using these fingerprints in detections like an executable unlinking
> itself.
> 
> Since the ima_inode_hash can sleep, it's only allowed for sleepable
> LSM hooks.
> 
> Signed-off-by: KP Singh <kpsingh at google.com>
Acked-by: Yonghong Song <yhs at fb.com>



More information about the Linux-security-module-archive mailing list