git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Roberto Sassu <roberto.sassu@huawei.com>
	Thu, 15 Feb 2024 10:31:02 +0000 (11:31 +0100)
committer	Paul Moore <paul@paul-moore.com>
	Fri, 16 Feb 2024 04:43:43 +0000 (23:43 -0500)
commit	08abce60d63fb55f440c393f4508e99064f2fd91
tree	bc903aa7b37fbbb9c9f71a5b705838b18c0b4489	tree \| snapshot
parent	f09068b5a114ed28d2df2e82a7d30dde0145dc69	commit \| diff

security: Introduce path_post_mknod hook

In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the path_post_mknod hook.

IMA-appraisal requires all existing files in policy to have a file
hash/signature stored in security.ima. An exception is made for empty files
created by mknod, by tagging them as new files.

LSMs could also take some action after files are created.

The new hook cannot return an error and cannot cause the operation to be
reverted.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

fs/namei.c		diff \| blob \| history
include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
security/security.c		diff \| blob \| history