summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-08-16 07:54:12 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2018-08-16 07:54:12 +0200
commitf91e654474d413201ae578820fb63f8a811f6c4e (patch)
tree7f32d5757381b3371dbf095510622472c7d3aa43 /security/security.c
parentMerge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor... (diff)
parentEVM: fix return value check in evm_write_xattrs() (diff)
downloadlinux-f91e654474d413201ae578820fb63f8a811f6c4e.tar.xz
linux-f91e654474d413201ae578820fb63f8a811f6c4e.zip
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris: "This adds support for EVM signatures based on larger digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the IMA policy rules from the IMA-audit messages, addresses two deadlocks due to either loading or searching for crypto algorithms, and cleans up the audit messages" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: fix return value check in evm_write_xattrs() integrity: prevent deadlock during digsig verification. evm: Allow non-SHA1 digital signatures evm: Don't deadlock if a crypto algorithm is unavailable integrity: silence warning when CONFIG_SECURITYFS is not enabled ima: Differentiate auditing policy rules from "audit" actions ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set ima: Use audit_log_format() rather than audit_log_string() ima: Call audit_log_string() rather than logging it untrusted
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c
index ab4f96347ebb..47cfff01d7ec 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1032,7 +1032,12 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode)
int security_kernel_module_request(char *kmod_name)
{
- return call_int_hook(kernel_module_request, 0, kmod_name);
+ int ret;
+
+ ret = call_int_hook(kernel_module_request, 0, kmod_name);
+ if (ret)
+ return ret;
+ return integrity_kernel_module_request(kmod_name);
}
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id)