author | Deven Bowers <deven.desai@linux.microsoft.com> | 2024-08-03 08:08:17 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2024-08-20 20:01:13 +0200 |
commit | 05a351630b7463ce58668095f5683669c1295f65 (patch) | |
tree | 92482f2c77171b1564954f3ceafed3f7233a6e28 /security/landlock | |
parent | ipe: add policy parser (diff) | |

ipe: add evaluation loop

Introduce a core evaluation function in IPE that will be triggered by
various security hooks (e.g., mmap, bprm_check, kexec). This function
systematically assesses actions against the defined IPE policy, by
iterating over rules specific to the action being taken. This critical
addition enables IPE to enforce its security policies effectively,
ensuring that actions intercepted by these hooks are scrutinized for policy
compliance before they are allowed to proceed.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'security/landlock')
0 files changed, 0 insertions, 0 deletions