Re: [RFC PATCH v2 09/11] ima: load policy using path

2016-01-22 Thread Luis R. Rodriguez
On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote: > From: Dmitry Kasatkin > > echo /etc/ima/ima_policy > /sys/kernel/security/ima/policy > fs/exec.c | 21 > diff --git a/fs/exec.c b/fs/exec.c > index 3524e5f..5731b40

Re: [RFC PATCH v2 09/11] ima: load policy using path

2016-01-21 Thread Mimi Zohar
On Thu, 2016-01-21 at 01:05 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote: > > --- a/fs/exec.c > > +++ b/fs/exec.c > > @@ -903,6 +903,27 @@ out: > > return ret; > > } > > > > +int kernel_read_file_from_path(char *path, void **buf, loff_t *size,

Re: [RFC PATCH v2 09/11] ima: load policy using path

2016-01-20 Thread Luis R. Rodriguez
On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote: > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -903,6 +903,27 @@ out: > return ret; > } > > +int kernel_read_file_from_path(char *path, void **buf, loff_t *size, > +loff_t max_size, int policy_id) > +{ > +
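Review bot: In the signature of kernel_read_file_from_path() the first parameter is declared `char *path`; unless the body (cut off in this quote) writes to it, make it `const char *path` so callers can pass constant strings without a cast. The same signature takes `int policy_id` and `loff_t max_size` with no comment in the visible lines saying which values the id accepts or what happens when the file exceeds `max_size`; a typed enum for the id and a short kernel-doc block above the function would make this new fs/exec.c helper safer to reuse.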

[RFC PATCH v2 09/11] ima: load policy using path

2016-01-18 Thread Mimi Zohar
From: Dmitry Kasatkin We currently cannot do appraisal or signature vetting of IMA policies since we currently can only load IMA policies by writing the contents of the policy directly in, as follows: cat policy-file > /ima/policy If we provide the kernel the path to