Hi,

This is just a proof of concept RFC to export some functions from IMA for file integrity verification. And there is a patch which modified binfmt_elf.c to show how an IMA subsystem user can call into IMA to verify integrity of a file.

This patch set is far from being done. I am just throwing it out so that we can start a discussion on whether exporting IMA functions makes sense and if it does, then what those functions should look like.

Thanks
Vivek

Vivek Goyal (4):
  integrity: Identify asymmetric digital signature using new type
  ima: export new IMA functions for signature verification
  capability: Create a new capability CAP_SIGNED
  binfmt_elf: Elf executable signature verification

 fs/Kconfig.binfmt                     |   12 ++++++++
 fs/binfmt_elf.c                       |   44 +++++++++++++++++++++++++++++++
 include/linux/ima.h                   |   24 ++++++++++++++++-
 include/linux/integrity.h             |    7 +++++
 include/uapi/linux/capability.h       |   12 ++++++++-
 kernel/cred.c                         |    7 +++++
 security/commoncap.c                  |    2 +
 security/integrity/digsig.c           |   11 +++++---
 security/integrity/evm/evm_main.c     |    4 ++-
 security/integrity/ima/ima_api.c      |   16 +++++++++++
 security/integrity/ima/ima_appraise.c |   46 +++++++++++++++++++++++++++++++-
 security/integrity/integrity.h        |   14 +++------
 12 files changed, 181 insertions(+), 18 deletions(-)

--
1.7.7.6