diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 01:54:12 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 01:54:12 -0400 |
| commit | f91e654474d413201ae578820fb63f8a811f6c4e (patch) | |
| tree | 7f32d5757381b3371dbf095510622472c7d3aa43 /security/security.c | |
| parent | c715ebeb0303b196f17376f189ae4e168d98b563 (diff) | |
| parent | 3dd0f18c70d94ca2432c78c5735744429f071b0b (diff) | |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"This adds support for EVM signatures based on larger digests, contains
a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the
IMA policy rules from the IMA-audit messages, addresses two deadlocks
due to either loading or searching for crypto algorithms, and cleans
up the audit messages"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
EVM: fix return value check in evm_write_xattrs()
integrity: prevent deadlock during digsig verification.
evm: Allow non-SHA1 digital signatures
evm: Don't deadlock if a crypto algorithm is unavailable
integrity: silence warning when CONFIG_SECURITYFS is not enabled
ima: Differentiate auditing policy rules from "audit" actions
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Use audit_log_format() rather than audit_log_string()
ima: Call audit_log_string() rather than logging it untrusted
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c index ab4f96347ebb..47cfff01d7ec 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -1032,7 +1032,12 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode) | |||
| 1032 | 1032 | ||
| 1033 | int security_kernel_module_request(char *kmod_name) | 1033 | int security_kernel_module_request(char *kmod_name) |
| 1034 | { | 1034 | { |
| 1035 | return call_int_hook(kernel_module_request, 0, kmod_name); | 1035 | int ret; |
| 1036 | |||
| 1037 | ret = call_int_hook(kernel_module_request, 0, kmod_name); | ||
| 1038 | if (ret) | ||
| 1039 | return ret; | ||
| 1040 | return integrity_kernel_module_request(kmod_name); | ||
| 1036 | } | 1041 | } |
| 1037 | 1042 | ||
| 1038 | int security_kernel_read_file(struct file *file, enum kernel_read_file_id id) | 1043 | int security_kernel_read_file(struct file *file, enum kernel_read_file_id id) |