summaryrefslogtreecommitdiff
path: root/security/integrity/ima/ima_mok.c
diff options
context:
space:
mode:
authorPetko Manolov <petkan@mip-labs.com>2015-12-02 18:47:54 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2015-12-15 18:01:43 +0300
commit38d859f991f3a05b352a06f82af0baa1acf33e02 (patch)
tree05100d5f61490abf1a180d2f51b8b0960bba5123 /security/integrity/ima/ima_mok.c
parent05d3884b1ee66d83ad70ffa658c7b363797e2b0c (diff)
downloadlinux-38d859f991f3a05b352a06f82af0baa1acf33e02.tar.xz
IMA: policy can now be updated multiple times
The new rules get appended to the original policy, forming a queue. The new rules are first added to a temporary list, which on error get released without disturbing the normal IMA operations. On success both lists (the current policy and the new rules) are spliced. IMA policy reads are many orders of magnitude more numerous compared to writes, the match code is RCU protected. The updater side also does list splice in RCU manner. Signed-off-by: Petko Manolov <petkan@mip-labs.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_mok.c')
0 files changed, 0 insertions, 0 deletions