[PATCH v3 0/3] security: Always enable integrity LSM
Roberto Sassu
roberto.sassu at huaweicloud.com
Thu Mar 9 08:54:30 UTC 2023
From: Roberto Sassu <roberto.sassu at huawei.com>
Since the integrity (including IMA and EVM) functions are currently always
called by the LSM infrastructure, and always after all LSMs, formalize
these requirements by introducing a new LSM ordering called LSM_ORDER_LAST,
and set it for the 'integrity' LSM (patch 1).
Consequently, revert commit 92063f3ca73a ("integrity: double check
iint_cache was initialized"), as the double check becomes always verified
(patch 2), and remove 'integrity' from the list of LSMs in
security/Kconfig (patch 3).
Changelog:
v2:
- Fix commit message in patch 1 (suggested by Mimi)
- Bump version of patch 2 (v1 -> v3) to make one patch set
- Add patch 3 (suggested by Mimi)
v1:
- Add comment for LSM_ORDER_LAST definition (suggested by Mimi)
- Add Fixes tag (suggested by Mimi)
- Do minor corrections in the commit messages (suggested by Mimi and
Stefan)
Roberto Sassu (3):
security: Introduce LSM_ORDER_LAST and set it for the integrity LSM
Revert "integrity: double check iint_cache was initialized"
security: Remove integrity from the LSM list in Kconfig
include/linux/lsm_hooks.h | 1 +
security/Kconfig | 10 +++++-----
security/integrity/iint.c | 9 +--------
security/security.c | 12 +++++++++---
4 files changed, 16 insertions(+), 16 deletions(-)
--
2.25.1
More information about the Linux-security-module-archive
mailing list