[RFC PATCH 0/4] IMA: Export functions for file integrity verification
From: Vivek Goyal
Date: Fri Mar 15 2013 - 16:36:40 EST
Hi,
This is just a proof of concept RFC to export some functions from IMA for
file integrity verification. And there is a patch which modified binfmt_elf.c
to show how a IMA subsystem user can call into IMA to verify integrity
of a file.
This patch set is far from being done. I am just throwing it out so that
we can start a discussion on whether exporting IMA functions makes sense
and if it does, then how those functions should look like.
Thanks
Vivek
Vivek Goyal (4):
integrity: Identify asymmetric digital signature using new type
ima: export new IMA functions for signature verification
capability: Create a new capability CAP_SIGNED
binfmt_elf: Elf executable signature verification
fs/Kconfig.binfmt | 12 ++++++++
fs/binfmt_elf.c | 44 +++++++++++++++++++++++++++++++
include/linux/ima.h | 24 ++++++++++++++++-
include/linux/integrity.h | 7 +++++
include/uapi/linux/capability.h | 12 ++++++++-
kernel/cred.c | 7 +++++
security/commoncap.c | 2 +
security/integrity/digsig.c | 11 +++++---
security/integrity/evm/evm_main.c | 4 ++-
security/integrity/ima/ima_api.c | 16 +++++++++++
security/integrity/ima/ima_appraise.c | 46 +++++++++++++++++++++++++++++++-
security/integrity/integrity.h | 14 +++------
12 files changed, 181 insertions(+), 18 deletions(-)
--
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/