diff options
| author | THOBY Simon <Simon.THOBY@viveris.fr> | 2021-08-16 10:11:00 +0200 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-08-16 23:30:41 +0200 |
| commit | 1624dc0086056c3a35fd34b0235bb1eb88c1c4d5 (patch) | |
| tree | 5b2d3eb0600d257add0a38841c7af1c275b7c540 /security/integrity/ima/ima_appraise.c | |
| parent | IMA: block writes of the security.ima xattr with unsupported algorithms (diff) | |
| download | linux-1624dc0086056c3a35fd34b0235bb1eb88c1c4d5.tar.xz linux-1624dc0086056c3a35fd34b0235bb1eb88c1c4d5.zip | |
IMA: add support to restrict the hash algorithms used for file appraisal
The kernel accepts any hash algorithm as a value for the security.ima
xattr. Users may wish to restrict the accepted algorithms to only
support strong cryptographic ones.
Provide the plumbing to restrict the permitted set of hash algorithms
used for verifying file hashes and signatures stored in security.ima
xattr.
Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_appraise.c')
| -rw-r--r-- | security/integrity/ima/ima_appraise.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index baeb10efbf51..e2edef8a9185 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -77,8 +77,9 @@ int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, return 0; security_task_getsecid_subj(current, &secid); - return ima_match_policy(mnt_userns, inode, current_cred(), secid, func, - mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); + return ima_match_policy(mnt_userns, inode, current_cred(), secid, + func, mask, IMA_APPRAISE | IMA_HASH, NULL, + NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, |