Re: [RFC v2 4/7] modsig: add integrity_module_check hook

2012-09-03 Thread Rusty Russell
Dmitry Kasatkin writes: > +#else > +static inline int integrity_module_check(const void *buf, unsigned long len) > +{ > + return 0; > +} > +#endif ... > + err = integrity_module_check(hdr, len); > + if (err < 0) > + goto free_hdr; > + > + /* cut signature tail */ > +
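Review bot: the `#else` stub returns 0, but nothing in the quoted hunk states what a non-negative return from the real integrity_module_check() means, while the caller only tests `err < 0` and then goes on to `/* cut signature tail */`. Document the return contract on the declaration (for example, that a positive value is the number of trailing signature bytes to cut, if that is the design), so a stub that returns 0 is visibly the "nothing to cut" case and the caller's cut logic has something to rely on.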

Re: [RFC v2 4/7] modsig: add integrity_module_check hook

2012-08-16 Thread Kasatkin, Dmitry
On Thu, Aug 16, 2012 at 12:13 AM, Kasatkin, Dmitry wrote: > On Wed, Aug 15, 2012 at 11:16 PM, Serge Hallyn > wrote: >> Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com): >>> IMA measures/appraises modules when modprobe or insmod opens and read them. >>> Unfortunately, there are no guarantees be

Re: [RFC v2 4/7] modsig: add integrity_module_check hook

2012-08-16 Thread Kasatkin, Dmitry
On Thu, Aug 16, 2012 at 9:49 PM, Josh Boyer wrote: > On Wed, Aug 15, 2012 at 2:43 PM, Dmitry Kasatkin > wrote: >> @@ -2437,6 +2438,14 @@ static int copy_and_check(struct load_info *info, >> >> info->hdr = hdr; >> info->len = len; >> + >> + err = integrity_module_check(hdr, l

Re: [RFC v2 4/7] modsig: add integrity_module_check hook

2012-08-16 Thread Josh Boyer
On Wed, Aug 15, 2012 at 2:43 PM, Dmitry Kasatkin wrote: > @@ -2437,6 +2438,14 @@ static int copy_and_check(struct load_info *info, > > info->hdr = hdr; > info->len = len; > + > + err = integrity_module_check(hdr, len); > + if (err < 0) > + goto free_hdr; >
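Review bot: in the copy_and_check() hunk `info->len = len;` is recorded before `err = integrity_module_check(hdr, len);` runs and before the signature tail is cut; if the check strips a trailer, info->len must be reduced after the cut (or assigned only after it), otherwise later consumers of info->len still see the signed length. Also worth checking that `goto free_hdr` leaves nothing dangling in info->hdr, which was already set two lines above.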

Re: [RFC v2 4/7] modsig: add integrity_module_check hook

2012-08-15 Thread Kasatkin, Dmitry
On Wed, Aug 15, 2012 at 11:16 PM, Serge Hallyn wrote: > Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com): >> IMA measures/appraises modules when modprobe or insmod opens and read them. >> Unfortunately, there are no guarantees between what is read by userspace and >> what is passed to the kerne

Re: [RFC v2 4/7] modsig: add integrity_module_check hook

2012-08-15 Thread Serge Hallyn
Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com): > IMA measures/appraises modules when modprobe or insmod opens and read them. > Unfortunately, there are no guarantees between what is read by userspace and > what is passed to the kernel via load_module system call. This patch adds a > hook call
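A userspace model of the idea the commit message describes (check the buffer the kernel actually received, then strip the signature tail), written here as an added example and not code from the modsig series or the kernel. The trailer layout, the marker string, the FNV-1a digest standing in for a real signature, and the errno mapping are all hypothetical; the point is the contract between the hook and its caller: a negative return rejects the module, a non-negative return is the number of trailing bytes to cut, and the caller records the stripped length.

```c
/* Added example: a userspace model of a load_module-time integrity hook.
 * Trailer layout (hypothetical): payload || 8-byte big-endian FNV-1a(payload) || MARKER
 * FNV-1a is a stand-in for a real signature check, not a security primitive. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MARKER "~Module signature appended~\n"   /* hypothetical marker, 28 bytes */
#define MARKER_LEN (sizeof(MARKER) - 1)
#define DIGEST_LEN 8
#define TAIL_LEN (DIGEST_LEN + MARKER_LEN)

struct load_info {
    const void *hdr;
    unsigned long len;   /* length of the module image without the trailer */
};

static uint64_t fnv1a64(const unsigned char *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Hook contract (assumed): <0 on error, otherwise number of trailing bytes to cut.
 * -ENOENT: no trailer present; -EPERM: trailer present but digest does not match. */
static long integrity_module_check(const void *buf, unsigned long len)
{
    const unsigned char *p = buf;
    if (len < TAIL_LEN || memcmp(p + len - MARKER_LEN, MARKER, MARKER_LEN) != 0)
        return -ENOENT;
    const unsigned char *dig = p + len - TAIL_LEN;
    uint64_t want = 0;
    for (int i = 0; i < DIGEST_LEN; i++)
        want = (want << 8) | dig[i];
    if (fnv1a64(p, len - TAIL_LEN) != want)
        return -EPERM;
    return (long)TAIL_LEN;
}

/* Caller: verify the received buffer, then record the length with the tail cut. */
static int copy_and_check(struct load_info *info, const void *buf, unsigned long len)
{
    long err = integrity_module_check(buf, len);
    if (err < 0)
        return (int)err;
    info->hdr = buf;
    info->len = len - (unsigned long)err;
    return 0;
}

/* Test helper: append the hypothetical trailer to a payload; returns total length. */
static size_t build_signed(const unsigned char *payload, size_t n, unsigned char *out)
{
    uint64_t h = fnv1a64(payload, n);
    memcpy(out, payload, n);
    for (int i = 0; i < DIGEST_LEN; i++)
        out[n + i] = (unsigned char)(h >> (56 - 8 * i));
    memcpy(out + n + DIGEST_LEN, MARKER, MARKER_LEN);
    return n + TAIL_LEN;
}

/* Constructed 19-byte stand-in for a module image (not a real ELF object). */
static const unsigned char payload[] = "\x7f" "ELF-module-payload";
#define PAYLOAD_LEN (sizeof(payload) - 1)

static int scenario_valid(void)      /* expect: stripped length, 19 */
{
    unsigned char buf[128];
    struct load_info info = {0};
    size_t n = build_signed(payload, PAYLOAD_LEN, buf);
    int err = copy_and_check(&info, buf, n);
    return err ? err : (int)info.len;
}

static int scenario_tampered(void)   /* expect: -EPERM, payload altered after signing */
{
    unsigned char buf[128];
    struct load_info info = {0};
    size_t n = build_signed(payload, PAYLOAD_LEN, buf);
    buf[3] ^= 1;
    return copy_and_check(&info, buf, n);
}

static int scenario_unsigned(void)   /* expect: -ENOENT, no trailer at all */
{
    struct load_info info = {0};
    return copy_and_check(&info, payload, PAYLOAD_LEN);
}

int main(void)
{
    printf("valid: %d, tampered: %d, unsigned: %d\n",
           scenario_valid(), scenario_tampered(), scenario_unsigned());
    return 0;
}
```

The tampered case is the one the commit message is about: the trailer was produced over one image and the kernel received another, so a check done on the file userspace opened would pass while a check on the buffer handed to load_module fails.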