[PATCH v9 14/25] security: Introduce path_post_mknod hook

Christian Brauner brauner at kernel.org
Fri Feb 9 09:54:10 UTC 2024


On Mon, Jan 15, 2024 at 07:17:58PM +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
> 
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the path_post_mknod hook.
> 
> IMA-appraisal requires all existing files in policy to have a file
> hash/signature stored in security.ima. An exception is made for empty files
> created by mknod, by tagging them as new files.
> 
> LSMs could also take some action after files are created.
> 
> The new hook cannot return an error and cannot cause the operation to be
> reverted.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> Acked-by: Casey Schaufler <casey at schaufler-ca.com>
> Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
> ---
>  fs/namei.c                    |  5 +++++

Acked-by: Christian Brauner <brauner at kernel.org>



More information about the Linux-security-module-archive mailing list