From: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-security-module <linux-security-module@vger.kernel.org>,
	"Luis R. Rodriguez" <mcgrof@suse.com>,
	kexec@lists.infradead.org, linux-modules@vger.kernel.org,
	fsdevel@vger.kernel.org, David Howells <dhowells@redhat.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Kees Cook <keescook@chromium.org>,
	Dmitry Torokhov <dmitry.torokhov@gmail.com>,
	Eric Biederman <ebiederm@xmission.com>,
	Rusty Russell <rusty@rustcorp.com.au>
Subject: Re: [PATCH v3 03/22] ima: use "ima_hooks" enum as function argument
Date: Wed, 10 Feb 2016 21:35:30 +0200
Message-ID: <CACE9dm9Ho0ACUQ56bWTRmM8OFtK5rROX5=rVz1V1j4wSqyP21A@mail.gmail.com>
In-Reply-To: <1454526390-19792-4-git-send-email-zohar@linux.vnet.ibm.com>

On Wed, Feb 3, 2016 at 9:06 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Cleanup the function arguments by using "ima_hooks" enumerator as needed.
>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Acked-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>

> ---
>  security/integrity/ima/ima.h          | 25 +++++++++++++++++--------
>  security/integrity/ima/ima_api.c      |  6 +++---
>  security/integrity/ima/ima_appraise.c | 13 +++++++------
>  security/integrity/ima/ima_main.c     | 14 +++++++-------
>  security/integrity/ima/ima_policy.c   |  6 +++---
>  5 files changed, 37 insertions(+), 27 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index fb8da36..b7e7935 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -137,9 +137,18 @@ static inline unsigned long ima_hash_key(u8 *digest)
>         return hash_long(*digest, IMA_HASH_BITS);
>  }
>
> +enum ima_hooks {
> +       FILE_CHECK = 1,
> +       MMAP_CHECK,
> +       BPRM_CHECK,
> +       MODULE_CHECK,
> +       FIRMWARE_CHECK,
> +       POST_SETATTR
> +};
> +
>  /* LIM API function definitions */
> -int ima_get_action(struct inode *inode, int mask, int function);
> -int ima_must_measure(struct inode *inode, int mask, int function);
> +int ima_get_action(struct inode *inode, int mask, enum ima_hooks func);
> +int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
>  int ima_collect_measurement(struct integrity_iint_cache *iint,
>                             struct file *file, enum hash_algo algo);
>  void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
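
Review bot: The ima_must_measure() prototype is switched to enum ima_hooks in this hunk, but no other hunk in the patch touches a definition or caller of ima_must_measure(); in ima_api.c only ima_get_action() is updated. Please confirm the definition still matches the new prototype, or drop the declaration from ima.h if the function no longer exists.
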
> @@ -156,8 +165,6 @@ void ima_free_template_entry(struct ima_template_entry *entry);
>  const char *ima_d_path(struct path *path, char **pathbuf);
>
>  /* IMA policy related functions */
> -enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, FIRMWARE_CHECK, POST_SETATTR };
> -
>  int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
>                      int flags);
>  void ima_init_policy(void);
> @@ -179,21 +186,22 @@ int ima_policy_show(struct seq_file *m, void *v);
>  #define IMA_APPRAISE_FIRMWARE  0x10
>
>  #ifdef CONFIG_IMA_APPRAISE
> -int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> +int ima_appraise_measurement(enum ima_hooks func,
> +                            struct integrity_iint_cache *iint,
>                              struct file *file, const unsigned char *filename,
>                              struct evm_ima_xattr_data *xattr_value,
>                              int xattr_len, int opened);
>  int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
>  void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
>  enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
> -                                          int func);
> +                                          enum ima_hooks func);
>  enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
>                                  int xattr_len);
>  int ima_read_xattr(struct dentry *dentry,
>                    struct evm_ima_xattr_data **xattr_value);
>
>  #else
> -static inline int ima_appraise_measurement(int func,
> +static inline int ima_appraise_measurement(enum ima_hooks func,
>                                            struct integrity_iint_cache *iint,
>                                            struct file *file,
>                                            const unsigned char *filename,
> @@ -215,7 +223,8 @@ static inline void ima_update_xattr(struct integrity_iint_cache *iint,
>  }
>
>  static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
> -                                                        *iint, int func)
> +                                                        *iint,
> +                                                        enum ima_hooks func)
>  {
>         return INTEGRITY_UNKNOWN;
>  }
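
Review bot: In the !CONFIG_IMA_APPRAISE stub of ima_get_cache_status(), the declaration now runs over three lines with the parameter type at the end of the first and `*iint,` alone on the second. Breaking after the return type instead (`static inline enum integrity_status` on its own line) would keep `struct integrity_iint_cache *iint` together and read more easily.
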
> diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
> index e7c7a5d..8750254 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -156,7 +156,7 @@ err_out:
>   * ima_get_action - appraise & measure decision based on policy.
>   * @inode: pointer to inode to measure
>   * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
> - * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
> + * @func: caller identifier
>   *
>   * The policy is defined in terms of keypairs:
>   *             subj=, obj=, type=, func=, mask=, fsmagic=
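
Review bot: The new kernel-doc line `@func: caller identifier` drops the list of valid values that the old `@function` line carried. Now that the parameter is typed, the comment could point at the type, for example "@func: caller identifier (enum ima_hooks value, e.g. FILE_CHECK)", which keeps it useful without repeating the whole list.
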
> @@ -168,13 +168,13 @@ err_out:
>   * Returns IMA_MEASURE, IMA_APPRAISE mask.
>   *
>   */
> -int ima_get_action(struct inode *inode, int mask, int function)
> +int ima_get_action(struct inode *inode, int mask, enum ima_hooks func)
>  {
>         int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE;
>
>         flags &= ima_policy_flag;
>
> -       return ima_match_policy(inode, function, mask, flags);
> +       return ima_match_policy(inode, func, mask, flags);
>  }
>
>  /*
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 9c2b46b..2888449 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -67,7 +67,7 @@ static int ima_fix_xattr(struct dentry *dentry,
>
>  /* Return specific func appraised cached result */
>  enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
> -                                          int func)
> +                                          enum ima_hooks func)
>  {
>         switch (func) {
>         case MMAP_CHECK:
> @@ -85,7 +85,8 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
>  }
>
>  static void ima_set_cache_status(struct integrity_iint_cache *iint,
> -                                int func, enum integrity_status status)
> +                                enum ima_hooks func,
> +                                enum integrity_status status)
>  {
>         switch (func) {
>         case MMAP_CHECK:
> @@ -103,11 +104,11 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint,
>         case FILE_CHECK:
>         default:
>                 iint->ima_file_status = status;
> -               break;
>         }
>  }
>
> -static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
> +static void ima_cache_flags(struct integrity_iint_cache *iint,
> +                            enum ima_hooks func)
>  {
>         switch (func) {
>         case MMAP_CHECK:
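
Review bot: Removing the `break;` after `iint->ima_file_status = status;` in the default arm of ima_set_cache_status() is unrelated to the argument-type cleanup the changelog describes, and the same removal is repeated in ima_cache_flags(). Either keep the break statements, so a case added after default later cannot fall through by accident, or mention the removal in the changelog.
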
> @@ -125,7 +126,6 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
>         case FILE_CHECK:
>         default:
>                 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
> -               break;
>         }
>  }
>
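
Review bot: With func now typed as enum ima_hooks, the `default:` label sharing the FILE_CHECK arm in ima_cache_flags() means any hook value without its own case is recorded as IMA_FILE_APPRAISED, and the compiler's enum switch checking stays silent about a missing enumerator because a default is present. If that fallback is intended, a one-line comment on the default label saying so would help; otherwise list the remaining enumerators explicitly.
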
> @@ -185,7 +185,8 @@ int ima_read_xattr(struct dentry *dentry,
>   *
>   * Return 0 on success, error code otherwise
>   */
> -int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> +int ima_appraise_measurement(enum ima_hooks func,
> +                            struct integrity_iint_cache *iint,
>                              struct file *file, const unsigned char *filename,
>                              struct evm_ima_xattr_data *xattr_value,
>                              int xattr_len, int opened)
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index d9fc463..78a80c8 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -153,8 +153,8 @@ void ima_file_free(struct file *file)
>         ima_check_last_writer(iint, inode, file);
>  }
>
> -static int process_measurement(struct file *file, int mask, int function,
> -                              int opened)
> +static int process_measurement(struct file *file, int mask,
> +                              enum ima_hooks func, int opened)
>  {
>         struct inode *inode = file_inode(file);
>         struct integrity_iint_cache *iint = NULL;
> @@ -174,8 +174,8 @@ static int process_measurement(struct file *file, int mask, int function,
>          * bitmask based on the appraise/audit/measurement policy.
>          * Included is the appraise submask.
>          */
> -       action = ima_get_action(inode, mask, function);
> -       violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) &&
> +       action = ima_get_action(inode, mask, func);
> +       violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&
>                            (ima_policy_flag & IMA_MEASURE));
>         if (!action && !violation_check)
>                 return 0;
> @@ -184,7 +184,7 @@ static int process_measurement(struct file *file, int mask, int function,
>
>         /*  Is the appraise rule hook specific?  */
>         if (action & IMA_FILE_APPRAISE)
> -               function = FILE_CHECK;
> +               func = FILE_CHECK;
>
>         mutex_lock(&inode->i_mutex);
>
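
Review bot: `func = FILE_CHECK;` overwrites the parameter, so the later ima_get_cache_status(iint, func) and ima_appraise_measurement(func, ...) calls in process_measurement() no longer see the hook the caller passed. This behaviour predates the rename, but now that the parameter carries the hook type, the comment above the assignment could state that func is deliberately reset when the matched appraise rule is not hook specific.
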
> @@ -214,7 +214,7 @@ static int process_measurement(struct file *file, int mask, int function,
>         /* Nothing to do, just return existing appraised status */
>         if (!action) {
>                 if (must_appraise)
> -                       rc = ima_get_cache_status(iint, function);
> +                       rc = ima_get_cache_status(iint, func);
>                 goto out_digsig;
>         }
>
> @@ -240,7 +240,7 @@ static int process_measurement(struct file *file, int mask, int function,
>                 ima_store_measurement(iint, file, pathname,
>                                       xattr_value, xattr_len);
>         if (action & IMA_APPRAISE_SUBMASK)
> -               rc = ima_appraise_measurement(function, iint, file, pathname,
> +               rc = ima_appraise_measurement(func, iint, file, pathname,
>                                               xattr_value, xattr_len, opened);
>         if (action & IMA_AUDIT)
>                 ima_audit_measurement(iint, pathname);
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 43b6425..b089ebe 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -207,8 +207,8 @@ static void ima_lsm_update_rules(void)
>   *
>   * Returns true on rule match, false on failure.
>   */
> -static bool ima_match_rules(struct ima_rule_entry *rule,
> -                           struct inode *inode, enum ima_hooks func, int mask)
> +static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
> +                           enum ima_hooks func, int mask)
>  {
>         struct task_struct *tsk = current;
>         const struct cred *cred = current_cred();
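
Review bot: The ima_match_rules() signature change is a pure re-wrap; the parameter was already `enum ima_hooks func` before this patch. Whitespace-only churn like this is better left out or sent separately, since it adds noise to blame without serving the cleanup named in the changelog.
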
> @@ -289,7 +289,7 @@ retry:
>   * In addition to knowing that we need to appraise the file in general,
>   * we need to differentiate between calling hooks, for hook specific rules.
>   */
> -static int get_subaction(struct ima_rule_entry *rule, int func)
> +static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
>  {
>         if (!(rule->flags & IMA_FUNC))
>                 return IMA_FILE_APPRAISE;
> --
> 2.1.0
>



-- 
Thanks,
Dmitry
