diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-03-09 20:38:26 +0100 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 18:29:42 +0200 |
commit | 3e1be52d6c6b21d9080dd886c0e609e009831562 (patch) | |
tree | 2947250698b89eed0149af2d69a33b303c4d6be4 /security/integrity/evm | |
parent | evm: add support for different security.evm data types (diff) | |
download | linux-3e1be52d6c6b21d9080dd886c0e609e009831562.tar.xz linux-3e1be52d6c6b21d9080dd886c0e609e009831562.zip |
security: imbed evm calls in security hooks
Imbed the evm calls evm_inode_setxattr(), evm_inode_post_setxattr(),
evm_inode_removexattr() in the security hooks. evm_inode_setxattr()
protects security.evm xattr. evm_inode_post_setxattr() and
evm_inode_removexattr() updates the hmac associated with an inode.
(Assumes an LSM module protects the setting/removing of xattr.)
Changelog:
- Don't define evm_verifyxattr(), unless CONFIG_INTEGRITY is enabled.
- xattr_name is a 'const', value is 'void *'
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Diffstat (limited to 'security/integrity/evm')
-rw-r--r-- | security/integrity/evm/evm_main.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index c0580dd15ec0..1746c3669c6f 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -18,6 +18,7 @@ #include <linux/crypto.h> #include <linux/xattr.h> #include <linux/integrity.h> +#include <linux/evm.h> #include "evm.h" int evm_initialized; |