Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file()

2020-07-08 Thread Mimi Zohar
On Tue, 2020-07-07 at 20:10 -0700, Kees Cook wrote:
> On Tue, Jul 07, 2020 at 08:47:20PM -0400, Mimi Zohar wrote:
> > On Tue, 2020-07-07 at 01:19 -0700, Kees Cook wrote:
> > > Calls to security_kernel_load_data() should be paired with a call to
> > > security_kernel_post_read_file() with a NULL fil

Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file()

2020-07-07 Thread Kees Cook
On Tue, Jul 07, 2020 at 08:47:20PM -0400, Mimi Zohar wrote:
> On Tue, 2020-07-07 at 01:19 -0700, Kees Cook wrote:
> > Calls to security_kernel_load_data() should be paired with a call to
> > security_kernel_post_read_file() with a NULL file argument. Add the
> > missing call so the module contents

Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file()

2020-07-07 Thread Mimi Zohar
On Tue, 2020-07-07 at 01:19 -0700, Kees Cook wrote:
> Calls to security_kernel_load_data() should be paired with a call to
> security_kernel_post_read_file() with a NULL file argument. Add the
> missing call so the module contents are visible to the LSMs interested
> in measuring the module content

[PATCH 4/4] module: Add hook for security_kernel_post_read_file()

2020-07-07 Thread Kees Cook
Calls to security_kernel_load_data() should be paired with a call to security_kernel_post_read_file() with a NULL file argument. Add the missing call so the module contents are visible to the LSMs interested in measuring the module content. (This also paves the way for moving module signature check