From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com, linux-integrity@vger.kernel.org Cc: eric.snowberg@oracle.com, dhowells@redhat.com, mathew.j.martineau@linux.intel.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org Subject: [PATCH 0/4] KEYS: Measure keys when they are created or updated Date: Tue, 07 Jan 2020 19:43:46 +0000 [thread overview] Message-ID: <20200107194350.3782-1-nramas@linux.microsoft.com> (raw) commit 88e70da170e8 ("IMA: Define an IMA hook to measure keys") in next-integrity added an IMA hook to measure keys when they are created or updated in the system. This hook is defined in ima_asymmetric_keys.c which was built if CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE was defined. But this config is a tristate (and not a bool type). If CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE was set to "m" in the .config, ima_asymmetric_keys.c was built as a kernel module when it is not a kernel module. This issue was reported by "kbuild test robot <lkp@intel.com>". This change defines a new config namely CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS to enable building ima_asymmetric_keys.c. This new config is enabled when both CONFIG_IMA and CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE are defined. Lakshmi Ramasubramanian (4): IMA: Define an IMA hook to measure keys KEYS: Call the IMA hook to measure keys IMA: Add support to limit measuring keys IMA: Read keyrings= option from the IMA policy Documentation/ABI/testing/ima_policy | 10 ++- include/linux/ima.h | 14 +++ security/integrity/ima/Kconfig | 9 ++ security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 8 +- security/integrity/ima/ima_api.c | 8 +- security/integrity/ima/ima_appraise.c | 4 +- security/integrity/ima/ima_asymmetric_keys.c | 58 +++++++++++++ security/integrity/ima/ima_main.c | 9 +- security/integrity/ima/ima_policy.c | 91 ++++++++++++++++++-- security/keys/key.c | 10 +++ 11 files changed, 204 insertions(+), 18 deletions(-) create mode 100644 security/integrity/ima/ima_asymmetric_keys.c -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com, linux-integrity@vger.kernel.org Cc: eric.snowberg@oracle.com, dhowells@redhat.com, mathew.j.martineau@linux.intel.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org Subject: [PATCH 0/4] KEYS: Measure keys when they are created or updated Date: Tue, 7 Jan 2020 11:43:46 -0800 [thread overview] Message-ID: <20200107194350.3782-1-nramas@linux.microsoft.com> (raw) commit 88e70da170e8 ("IMA: Define an IMA hook to measure keys") in next-integrity added an IMA hook to measure keys when they are created or updated in the system. This hook is defined in ima_asymmetric_keys.c which was built if CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE was defined. But this config is a tristate (and not a bool type). If CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE was set to "m" in the .config, ima_asymmetric_keys.c was built as a kernel module when it is not a kernel module. This issue was reported by "kbuild test robot <lkp@intel.com>". This change defines a new config namely CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS to enable building ima_asymmetric_keys.c. This new config is enabled when both CONFIG_IMA and CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE are defined. Lakshmi Ramasubramanian (4): IMA: Define an IMA hook to measure keys KEYS: Call the IMA hook to measure keys IMA: Add support to limit measuring keys IMA: Read keyrings= option from the IMA policy Documentation/ABI/testing/ima_policy | 10 ++- include/linux/ima.h | 14 +++ security/integrity/ima/Kconfig | 9 ++ security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 8 +- security/integrity/ima/ima_api.c | 8 +- security/integrity/ima/ima_appraise.c | 4 +- security/integrity/ima/ima_asymmetric_keys.c | 58 +++++++++++++ security/integrity/ima/ima_main.c | 9 +- security/integrity/ima/ima_policy.c | 91 ++++++++++++++++++-- security/keys/key.c | 10 +++ 11 files changed, 204 insertions(+), 18 deletions(-) create mode 100644 security/integrity/ima/ima_asymmetric_keys.c -- 2.17.1
next reply other threads:[~2020-01-07 19:43 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-01-07 19:43 Lakshmi Ramasubramanian [this message] 2020-01-07 19:43 ` [PATCH 0/4] KEYS: Measure keys when they are created or updated Lakshmi Ramasubramanian 2020-01-07 19:43 ` [PATCH 1/4] IMA: Define an IMA hook to measure keys Lakshmi Ramasubramanian 2020-01-07 19:43 ` Lakshmi Ramasubramanian 2020-01-07 22:26 ` James Bottomley 2020-01-07 22:26 ` James Bottomley 2020-01-07 19:43 ` [PATCH 2/4] KEYS: Call the " Lakshmi Ramasubramanian 2020-01-07 19:43 ` Lakshmi Ramasubramanian 2020-01-07 22:51 ` Mimi Zohar 2020-01-07 22:51 ` Mimi Zohar 2020-01-07 19:43 ` [PATCH 3/4] IMA: Add support to limit measuring keys Lakshmi Ramasubramanian 2020-01-07 19:43 ` Lakshmi Ramasubramanian 2020-01-07 19:43 ` [PATCH 4/4] IMA: Read keyrings= option from the IMA policy Lakshmi Ramasubramanian 2020-01-07 19:43 ` Lakshmi Ramasubramanian
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200107194350.3782-1-nramas@linux.microsoft.com \ --to=nramas@linux.microsoft.com \ --cc=James.Bottomley@HansenPartnership.com \ --cc=dhowells@redhat.com \ --cc=eric.snowberg@oracle.com \ --cc=jamorris@linux.microsoft.com \ --cc=keyrings@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mathew.j.martineau@linux.intel.com \ --cc=matthewgarrett@google.com \ --cc=sashal@kernel.org \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.