[PATCH bpf-next v2 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode
Yonghong Song
yhs at fb.com
Sat Nov 21 06:54:27 UTC 2020
On 11/20/20 4:50 PM, KP Singh wrote:
> From: KP Singh <kpsingh at google.com>
>
> Provide a wrapper function to get the IMA hash of an inode. This helper
> is useful in fingerprinting files (e.g executables on execution) and
> using these fingerprints in detections like an executable unlinking
> itself.
>
> Since the ima_inode_hash can sleep, it's only allowed for sleepable
> LSM hooks.
>
> Signed-off-by: KP Singh <kpsingh at google.com>
Acked-by: Yonghong Song <yhs at fb.com>
More information about the Linux-security-module-archive
mailing list