On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote: > From: Dmitry Kasatkin <d.kasatkin at samsung.com> > > echo /etc/ima/ima_policy > /sys/kernel/security/ima/policy > fs/exec.c | 21 ++++++++++++++++++++ > diff --git a/fs/exec.c b/fs/exec.c > index 3524e5f..5731b40 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -903,6 +903,27 @@ out: > return ret; > } > > +int kernel_read_file_from_path(char *path, void **buf, loff_t *size, > + loff_t max_size, int policy_id) > +{ > + struct file *file; > + int ret; > + > + if (!path || !*path) > + return -EINVAL; > + > + file = filp_open(path, O_RDONLY, 0); > + if (IS_ERR(file)) { > + ret = PTR_ERR(file); > + pr_err("Unable to open file: %s (%d)", path, ret); > + return ret; > + } > + > + ret = kernel_read_file(file, buf, size, max_size, policy_id); > + fput(file); > + return ret; > +} > + I like this strategy, and can see it being further generalized in areas of the kernel where we may want self policy / file loading appraisal. Those policies are now defined through LSMs, in IMA here you do your own vetting but -- it seems we might better want instead to enable easily *any* LSM to do its vetting. In this case I suppose that's still possible given kernel_read_file() is used and that in turn would have a pre LSM hook and post-LSM hook. Is that right? If so then it should just be a matter of all other areas of the kernel to use kernel_read_file_from_path() or kernel_read_file() to take advantage of similar strategies. Or is there more work? The other obvious alternative for the heavy handed users would be to just use the future sysdata helpers, that in turn would use kernel_read_file_from_path() and still if a distribution wants can also in the future get kernel signature verification. Luis