[PATCH v3 15/25] security: Introduce file_pre_free_security hook

Stefan Berger stefanb at linux.ibm.com
Tue Sep 5 18:36:16 UTC 2023


On 9/4/23 09:34, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the file_pre_free_security hook.
>
> It is useful for IMA to calculate the digest of the file content, just
> before a file descriptor is closed, and update the security.ima xattr with
> the new value.
>
> LSMs should use this hook instead of file_free_security, if they still need
> to access the opened file, before it is closed. The new hook cannot return
> an error and cannot cause the operation to be canceled.
>
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>

Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>



