Date: Tue, 5 Dec 2017 11:40:21 -0200
From: "Bruno E. O. Meneguele"
To: Mimi Zohar, Dmitry Kasatkin
Cc: linux-integrity@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] ima: log message to module appraisal error
Message-ID: <20171205134021.GB19965@glitch>
In-Reply-To: <20171205133516.23454-1-brdeoliv@redhat.com>

Ignore this erroneously sent email. v2 was already superseded by v3.

On 05-12, Bruno E. O. Meneguele wrote:
> Simple but useful message log to the user in case of module appraise is
> forced and fails due to the lack of file descriptor, that might be
> caused by kmod calls to compressed modules.
>
> Signed-off-by: Bruno E. O. Meneguele
> ---
>  security/integrity/ima/ima_main.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/i= ma_main.c > index 770654694efc..95ec39910058 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -366,8 +366,12 @@ int ima_read_file(struct file *file, enum kernel_rea= d_file_id read_id) > =20 > if (!file && read_id =3D=3D READING_MODULE) { > if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) && > - (ima_appraise & IMA_APPRAISE_ENFORCE)) > + (ima_appraise & IMA_APPRAISE_ENFORCE)) { > + pr_err("impossible to appraise a module without a file \ > + descriptor. sig_enforce kernel parameter might \ > + help\n"); > return -EACCES; /* INTEGRITY_UNKNOWN */ > + } > return 0; /* We rely on module signature checking */ > } > return 0; > --=20 > 2.14.3
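
Review bot: The pr_err() string added in ima_read_file() is split with backslash-newline continuations inside the literal, so any indentation in front of "descriptor." and "help\n" on the continuation lines becomes part of the logged message, and the text can no longer be found with a single grep. Keep the whole message on one line, or use adjacent string literals rather than "\" continuations. This path returns -EACCES on every module load without a file descriptor while appraisal is enforced, so a rate-limited print would also keep repeated load attempts from flooding the log.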