summaryrefslogtreecommitdiffstats
path: root/security/integrity/iint.c
diff options
context:
space:
mode:
authorMatthew Garrett <mjg59@google.com>2018-05-12 01:12:34 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2018-05-17 14:03:07 +0200
commit0c343af8065be5ceb0c03a876af7c513e960e2ff (patch)
tree908d997e4a9eaaef301fd220b9b61bc17158611f /security/integrity/iint.c
parentima: Remove unused variable ima_initialized (diff)
downloadlinux-0c343af8065be5ceb0c03a876af7c513e960e2ff.tar.xz
linux-0c343af8065be5ceb0c03a876af7c513e960e2ff.zip
integrity: Add an integrity directory in securityfs
We want to add additional evm control nodes, and it'd be preferable not to clutter up the securityfs root directory any further. Create a new integrity directory, move the ima directory into it, create an evm directory for the evm attribute and add compatibility symlinks. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/iint.c')
-rw-r--r--security/integrity/iint.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index f266e4b3b7d4..149faa81f6f0 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -21,12 +21,15 @@
#include <linux/rbtree.h>
#include <linux/file.h>
#include <linux/uaccess.h>
+#include <linux/security.h>
#include "integrity.h"
static struct rb_root integrity_iint_tree = RB_ROOT;
static DEFINE_RWLOCK(integrity_iint_lock);
static struct kmem_cache *iint_cache __read_mostly;
+struct dentry *integrity_dir;
+
/*
* __integrity_iint_find - return the iint associated with an inode
*/
@@ -211,3 +214,18 @@ void __init integrity_load_keys(void)
ima_load_x509();
evm_load_x509();
}
+
+static int __init integrity_fs_init(void)
+{
+ integrity_dir = securityfs_create_dir("integrity", NULL);
+ if (IS_ERR(integrity_dir)) {
+ pr_err("Unable to create integrity sysfs dir: %ld\n",
+ PTR_ERR(integrity_dir));
+ integrity_dir = NULL;
+ return PTR_ERR(integrity_dir);
+ }
+
+ return 0;
+}
+
+late_initcall(integrity_fs_init)