From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752305AbdLDURc (ORCPT ); Mon, 4 Dec 2017 15:17:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:45744 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751380AbdLDUR1 (ORCPT ); Mon, 4 Dec 2017 15:17:27 -0500 Date: Mon, 4 Dec 2017 18:17:25 -0200 From: "Bruno E. O. Meneguele" To: "Bruno E. O. Meneguele" Cc: Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] ima: log message to module appraisal error Message-ID: <20171204201725.GA17252@glitch> References: <20171204195456.17193-1-bmeneguele@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV" Content-Disposition: inline In-Reply-To: <20171204195456.17193-1-bmeneguele@gmail.com> X-PGP-Key: http://keys.gnupg.net/pks/lookup?op=get&search=0x3823031E4660608D User-Agent: Mutt/1.9.1 (2017-09-22) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 04 Dec 2017 20:17:27 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 04-12, Bruno E. O. Meneguele wrote: > Simple but useful message log to the user in case of module appraise is > forced and fails due to the lack of file descriptor, that might be > caused by kmod calls to compressed modules. >=20 > Signed-off-by: Bruno E. O. Meneguele > --- Oh sorry, I sent through my personal email configuration! Sorry for that.=20 Self NACK here, I'll repost a v2 with the correct signed-off and From fields. Thanks! > security/integrity/ima/ima_main.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) >=20 > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/i= ma_main.c > index 770654694efc..95ec39910058 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -366,8 +366,12 @@ int ima_read_file(struct file *file, enum kernel_rea= d_file_id read_id) > =20 > if (!file && read_id =3D=3D READING_MODULE) { > if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) && > - (ima_appraise & IMA_APPRAISE_ENFORCE)) > + (ima_appraise & IMA_APPRAISE_ENFORCE)) { > + pr_err("impossible to appraise a module without a file \ > + descriptor. sig_enforce kernel parameter might \ > + help\n"); > return -EACCES; /* INTEGRITY_UNKNOWN */ > + } > return 0; /* We rely on module signature checking */ > } > return 0; > --=20 > 2.14.3 >=20 > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-= module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html --HcAYCG3uE/tztfnV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEdWo6nTbnZdbDmXutYdRkFR+RokMFAlolrUcACgkQYdRkFR+R okNMbwf+LwE96Heuf62m608Ukrwd2SMPiJi6rHrBBn+2Ny1+Rljr1LI3RmM69bTS fHsquzYsxWcUV4j5iEqmGaRWC61bFbbHISVBlqgoYe3dB/Yho/8/XQcBuA4BTXXO d+SLQ+mJfrL9zOmOFvISKHXvNg7gdnNrOKeFGVPE+M3jwdHc/7hNAuvmMNcuCK/Y upGP+XEsL96SoudRZLTdM/+5Ipdp40SEu1h7YGYEI862PHS7F6l/DWVnGOhMUm7U eReFrEH7DM4z5Mxt5HQb/5CH+ksPA/4my8fipdr4iobAuNzBSOTybmkm+T3p3z31 57kjeOfa1DuF4dw95NrFh2yWz87stg== =PNrR -----END PGP SIGNATURE----- --HcAYCG3uE/tztfnV--