lockdown: Fix kexec lockdown bypass with ima policy
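diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 7391741..a8802b8 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -2247,6 +2247,10 @@ bool ima_appraise_signature(enum kernel_read_file_id id)
 if (id >= READING_MAX_ID)
 return false;
+if (id == READING_KEXEC_IMAGE && !(ima_appraise & IMA_APPRAISE_ENFORCE)
+&& security_locked_down(LOCKDOWN_KEXEC))
+return false;
+
 func = read_idmap[id] ?: FILE_CHECK;
 rcu_read_lock();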
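Review bot: The added early return for `READING_KEXEC_IMAGE` has no comment, and its last operand relies on `security_locked_down()` returning non-zero (an error code) when the kernel is locked down, which reads as if it were a boolean. A short comment above the condition would record the intent, for example `/* Under kexec lockdown, policy rules count as signature appraisal only when IMA enforces them. */`, and writing `security_locked_down(LOCKDOWN_KEXEC) != 0` would make the return convention explicit. The guard covers only the kexec image id; whether other `kernel_read_file_id` values that have their own lockdown reasons need the same non-enforcing check cannot be judged from this hunk. `ima_appraise_signature()` begins before and continues after the visible lines.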