[PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook

Paul Moore paul at paul-moore.com
Thu Feb 8 03:18:46 UTC 2024


On Jan 15, 2024 Roberto Sassu <roberto.sassu at huaweicloud.com> wrote:
> 
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the inode_post_create_tmpfile hook.
> 
> As temp files can be made persistent, treat new temp files like other new
> files, so that the file hash is calculated and stored in the security
> xattr.
> 
> LSMs could also take some action after temp files have been created.
> 
> The new hook cannot return an error and cannot cause the operation to be
> canceled.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> Acked-by: Casey Schaufler <casey at schaufler-ca.com>
> Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
> ---
>  fs/namei.c                    |  1 +
>  include/linux/lsm_hook_defs.h |  2 ++
>  include/linux/security.h      |  6 ++++++
>  security/security.c           | 15 +++++++++++++++
>  4 files changed, 24 insertions(+)

Acked-by: Paul Moore <paul at paul-moore.com>

--
paul-moore.com



More information about the Linux-security-module-archive mailing list