Re: [PATCH bpf-next v3 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

From: Yonghong Song
Date: Tue Nov 24 2020 - 12:42:53 EST

Next message: Maulik Shah: "Re: [PATCH 1/3] irqchip: qcom-pdc: Fix phantom irq when changing between rising/falling"
Previous message: Alex Belits: "Re: [EXT] Re: [PATCH v5 0/9] "Task_isolation" mode"
In reply to: KP Singh: "[PATCH bpf-next v3 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH bpf-next v3 0/3] Implement bpf_ima_inode_hash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/24/20 7:12 AM, KP Singh wrote:

From: KP Singh <kpsingh@xxxxxxxxxx>

Provide a wrapper function to get the IMA hash of an inode. This helper
is useful in fingerprinting files (e.g executables on execution) and
using these fingerprints in detections like an executable unlinking
itself.

Since the ima_inode_hash can sleep, it's only allowed for sleepable
LSM hooks.

Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>

Acked-by: Yonghong Song <yhs@xxxxxx>

Next message: Maulik Shah: "Re: [PATCH 1/3] irqchip: qcom-pdc: Fix phantom irq when changing between rising/falling"
Previous message: Alex Belits: "Re: [EXT] Re: [PATCH v5 0/9] "Task_isolation" mode"
In reply to: KP Singh: "[PATCH bpf-next v3 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH bpf-next v3 0/3] Implement bpf_ima_inode_hash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]