summaryrefslogtreecommitdiffstats
path: root/security/landlock
diff options
context:
space:
mode:
authorDeven Bowers <deven.desai@linux.microsoft.com>2024-08-03 08:08:17 +0200
committerPaul Moore <paul@paul-moore.com>2024-08-20 20:01:13 +0200
commit05a351630b7463ce58668095f5683669c1295f65 (patch)
tree92482f2c77171b1564954f3ceafed3f7233a6e28 /security/landlock
parentipe: add policy parser (diff)
downloadlinux-05a351630b7463ce58668095f5683669c1295f65.tar.xz
linux-05a351630b7463ce58668095f5683669c1295f65.zip
ipe: add evaluation loop
Introduce a core evaluation function in IPE that will be triggered by various security hooks (e.g., mmap, bprm_check, kexec). This function systematically assesses actions against the defined IPE policy, by iterating over rules specific to the action being taken. This critical addition enables IPE to enforce its security policies effectively, ensuring that actions intercepted by these hooks are scrutinized for policy compliance before they are allowed to proceed. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Reviewed-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/landlock')
0 files changed, 0 insertions, 0 deletions