From: Vivek Goyal <vgoyal@redhat.com>
To: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, zohar@linux.vnet.ibm.com,
dmitry.kasatkin@intel.com
Cc: akpm@linux-foundation.org, ebiederm@xmission.com, vgoyal@redhat.com
Subject: [RFC PATCH 0/4] IMA: Export functions for file integrity verification
Date: Fri, 15 Mar 2013 16:35:54 -0400 [thread overview]
Message-ID: <1363379758-10071-1-git-send-email-vgoyal@redhat.com> (raw)
Hi,
This is just a proof of concept RFC to export some functions from IMA for
file integrity verification. And there is a patch which modified binfmt_elf.c
to show how a IMA subsystem user can call into IMA to verify integrity
of a file.
This patch set is far from being done. I am just throwing it out so that
we can start a discussion on whether exporting IMA functions makes sense
and if it does, then how those functions should look like.
Thanks
Vivek
Vivek Goyal (4):
integrity: Identify asymmetric digital signature using new type
ima: export new IMA functions for signature verification
capability: Create a new capability CAP_SIGNED
binfmt_elf: Elf executable signature verification
fs/Kconfig.binfmt | 12 ++++++++
fs/binfmt_elf.c | 44 +++++++++++++++++++++++++++++++
include/linux/ima.h | 24 ++++++++++++++++-
include/linux/integrity.h | 7 +++++
include/uapi/linux/capability.h | 12 ++++++++-
kernel/cred.c | 7 +++++
security/commoncap.c | 2 +
security/integrity/digsig.c | 11 +++++---
security/integrity/evm/evm_main.c | 4 ++-
security/integrity/ima/ima_api.c | 16 +++++++++++
security/integrity/ima/ima_appraise.c | 46 +++++++++++++++++++++++++++++++-
security/integrity/integrity.h | 14 +++------
12 files changed, 181 insertions(+), 18 deletions(-)
--
1.7.7.6
next reply other threads:[~2013-03-15 20:36 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-15 20:35 Vivek Goyal [this message]
2013-03-15 20:35 ` [PATCH 1/4] integrity: Identify asymmetric digital signature using new type Vivek Goyal
2013-03-15 20:35 ` [PATCH 2/4] ima: export new IMA functions for signature verification Vivek Goyal
2013-03-15 20:35 ` [PATCH 3/4] capability: Create a new capability CAP_SIGNED Vivek Goyal
2013-03-15 21:12 ` Casey Schaufler
2013-03-18 17:05 ` Vivek Goyal
2013-03-18 17:50 ` Casey Schaufler
2013-03-18 18:30 ` Vivek Goyal
2013-03-18 19:19 ` Casey Schaufler
2013-03-18 22:32 ` Eric W. Biederman
2013-03-19 21:01 ` Serge E. Hallyn
2013-03-20 5:07 ` James Morris
2013-03-20 14:41 ` Vivek Goyal
2013-03-20 14:50 ` Matthew Garrett
2013-03-15 20:35 ` [PATCH 4/4] binfmt_elf: Elf executable signature verification Vivek Goyal
2013-03-18 20:23 ` Josh Boyer
2013-03-18 20:33 ` Vivek Goyal
2013-03-19 14:39 ` Mimi Zohar
2013-03-20 15:21 ` Vivek Goyal
2013-03-20 17:41 ` Mimi Zohar
2013-03-20 18:39 ` Vivek Goyal
2013-03-20 15:59 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1363379758-10071-1-git-send-email-vgoyal@redhat.com \
--to=vgoyal@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dmitry.kasatkin@intel.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.