diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-03-09 14:38:26 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:42 -0400 |
commit | 3e1be52d6c6b21d9080dd886c0e609e009831562 (patch) | |
tree | 2947250698b89eed0149af2d69a33b303c4d6be4 /security/integrity | |
parent | 6be5cc5246f807fd8ede9f5f1bb2826f2c598658 (diff) |
security: imbed evm calls in security hooks
Imbed the evm calls evm_inode_setxattr(), evm_inode_post_setxattr(),
evm_inode_removexattr() in the security hooks. evm_inode_setxattr()
protects security.evm xattr. evm_inode_post_setxattr() and
evm_inode_removexattr() updates the hmac associated with an inode.
(Assumes an LSM module protects the setting/removing of xattr.)
Changelog:
- Don't define evm_verifyxattr(), unless CONFIG_INTEGRITY is enabled.
- xattr_name is a 'const', value is 'void *'
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/evm/evm_main.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index c0580dd15ec0..1746c3669c6f 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c | |||
@@ -18,6 +18,7 @@ | |||
18 | #include <linux/crypto.h> | 18 | #include <linux/crypto.h> |
19 | #include <linux/xattr.h> | 19 | #include <linux/xattr.h> |
20 | #include <linux/integrity.h> | 20 | #include <linux/integrity.h> |
21 | #include <linux/evm.h> | ||
21 | #include "evm.h" | 22 | #include "evm.h" |
22 | 23 | ||
23 | int evm_initialized; | 24 | int evm_initialized; |