diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-16 22:06:07 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-16 22:06:07 +0300 |
commit | e20a9b92ddbfe662807622dbb28e1fbb6e0011aa (patch) | |
tree | df1a16ed9cdd8ed83aacfa01f0f3498bf156c12d /include | |
parent | ca5b877b6ccc7b989614f3f541e9a1fe2ff7f75a (diff) | |
parent | 207cdd565dfc95a0a5185263a567817b7ebf5467 (diff) | |
download | linux-e20a9b92ddbfe662807622dbb28e1fbb6e0011aa.tar.xz |
Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar:
"Just three patches here. Other integrity changes are being upstreamed
via EFI (defines a common EFI secure and trusted boot IMA policy) and
BPF LSM (exporting the IMA file cache hash info based on inode).
The three patches included here:
- bug fix: fail calculating the file hash, when a file not opened for
read and the attempt to re-open it for read fails.
- defer processing the "ima_appraise" boot command line option to
avoid enabling different modes (e.g. fix, log) to when the secure
boot flag is available on arm.
- defines "ima-buf" as the default IMA buffer measurement template in
preparation for the builtin integrity "critical data" policy"
* tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: Don't modify file descriptor mode on the fly
ima: select ima-buf template for buffer measurement
ima: defer arch_ima_get_secureboot() call to IMA init time
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/ima.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h index 7233a2751754..7db9cca1af34 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -32,6 +32,12 @@ extern int ima_file_hash(struct file *file, char *buf, size_t buf_size); extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size); extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size); +#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM +extern void ima_appraise_parse_cmdline(void); +#else +static inline void ima_appraise_parse_cmdline(void) {} +#endif + #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); #endif |