[PATCH v9 14/25] security: Introduce path_post_mknod hook
Paul Moore
paul at paul-moore.com
Thu Feb 8 03:18:45 UTC 2024
On Jan 15, 2024 Roberto Sassu <roberto.sassu at huaweicloud.com> wrote:
>
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the path_post_mknod hook.
>
> IMA-appraisal requires all existing files in policy to have a file
> hash/signature stored in security.ima. An exception is made for empty files
> created by mknod, by tagging them as new files.
>
> LSMs could also take some action after files are created.
>
> The new hook cannot return an error and cannot cause the operation to be
> reverted.
>
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> Acked-by: Casey Schaufler <casey at schaufler-ca.com>
> Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
> ---
> fs/namei.c | 5 +++++
> include/linux/lsm_hook_defs.h | 2 ++
> include/linux/security.h | 5 +++++
> security/security.c | 14 ++++++++++++++
> 4 files changed, 26 insertions(+)
Acked-by: Paul Moore <paul at paul-moore.com>
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list