summaryrefslogtreecommitdiffstats
path: root/init/main.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2014-12-15 05:36:37 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2014-12-15 05:36:37 +0100
commit67e2c3883828b39548cee2091b36656787775d95 (patch)
tree975a0f546a604beda30d4ede34f8e9cca9a88b71 /init/main.c
parentMerge tag 'char-misc-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g... (diff)
parentMerge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next (diff)
downloadlinux-67e2c3883828b39548cee2091b36656787775d95.tar.xz
linux-67e2c3883828b39548cee2091b36656787775d95.zip
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "In terms of changes, there's general maintenance to the Smack, SELinux, and integrity code. The IMA code adds a new kconfig option, IMA_APPRAISE_SIGNED_INIT, which allows IMA appraisal to require signatures. Support for reading keys from rootfs before init is call is also added" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits) selinux: Remove security_ops extern security: smack: fix out-of-bounds access in smk_parse_smack() VFS: refactor vfs_read() ima: require signature based appraisal integrity: provide a hook to load keys when rootfs is ready ima: load x509 certificate from the kernel integrity: provide a function to load x509 certificate from the kernel integrity: define a new function integrity_read_file() Security: smack: replace kzalloc with kmem_cache for inode_smack Smack: Lock mode for the floor and hat labels ima: added support for new kernel cmdline parameter ima_template_fmt ima: allocate field pointers array on demand in template_desc_init_fields() ima: don't allocate a copy of template_fmt in template_desc_init_fields() ima: display template format in meas. list if template name length is zero ima: added error messages to template-related functions ima: use atomic bit operations to protect policy update interface ima: ignore empty and with whitespaces policy lines ima: no need to allocate entry for comment ima: report policy load status ima: use path names cache ...
Diffstat (limited to 'init/main.c')
-rw-r--r--init/main.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/init/main.c b/init/main.c
index ed7e7ad5fee0..8a914b758e5d 100644
--- a/init/main.c
+++ b/init/main.c
@@ -78,6 +78,7 @@
#include <linux/context_tracking.h>
#include <linux/random.h>
#include <linux/list.h>
+#include <linux/integrity.h>
#include <asm/io.h>
#include <asm/bugs.h>
@@ -1031,8 +1032,11 @@ static noinline void __init kernel_init_freeable(void)
* Ok, we have completed the initial bootup, and
* we're essentially up and running. Get rid of the
* initmem segments and start the user-mode stuff..
+ *
+ * rootfs is available now, try loading the public keys
+ * and default modules
*/
- /* rootfs is available now, try loading default modules */
+ integrity_load_keys();
load_default_modules();
}