Hi James,
Today's linux-next merge of the security tree got a conflict in
security/integrity/ima/ima_main.c between commit a7f2a366f623 ("ima:
fallback to MODULE_SIG_ENFORCE for existing kernel module syscall") from
Linus' tree and commit 750943a30714 ("ima: remove enforce checking
duplication") from the security tree.
I think I fixed it up (see below).
--
Cheers,
Stephen Rothwell s...@canb.auug.org.au
diff --cc security/integrity/ima/ima_main.c
index dba965d,cd00ba3..0000000
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@@ -291,18 -275,10 +275,18 @@@ EXPORT_SYMBOL_GPL(ima_file_check)
*/
int ima_module_check(struct file *file)
{
- int rc = 0;
-
- if (!file)
+ if (!file) {
+ if (ima_appraise & IMA_APPRAISE_MODULES) {
+#ifndef CONFIG_MODULE_SIG_FORCE
- rc = -EACCES; /* INTEGRITY_UNKNOWN */
++ return -EACCES; /* INTEGRITY_UNKNOWN */
++#else
++ return 0;
+#endif
+ }
- } else
- rc = process_measurement(file, file->f_dentry->d_name.name,
- MAY_EXEC, MODULE_CHECK);
- return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
+ return -EACCES; /* INTEGRITY_UNKNOWN */
++ }
+ return process_measurement(file, file->f_dentry->d_name.name,
+ MAY_EXEC, MODULE_CHECK);
}
static int __init init_ima(void)
pgpdkg_5ejhEe.pgp
Description: PGP signature
