Hi Eric,
I'd really appreciate your reviewing/ack'ing this patch.
thanks,
Mimi
On Thu, 2018-04-12 at 18:41 -0400, Mimi Zohar wrote:
> Allow LSMs and IMA to differentiate between the kexec_load and
> kexec_file_load syscalls by adding an "unnecessary" call to
> security_kernel_read_file() in kexec_load. This would be similar to the
> existing init_module syscall calling security_kernel_read_file().
>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
> ---
> kernel/kexec.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index aed8fb2564b3..d1386cfc6796 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -11,6 +11,7 @@
> #include <linux/capability.h>
> #include <linux/mm.h>
> #include <linux/file.h>
> +#include <linux/security.h>
> #include <linux/kexec.h>
> #include <linux/mutex.h>
> #include <linux/list.h>
> @@ -195,11 +196,21 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments,
> static inline int kexec_load_check(unsigned long nr_segments,
> unsigned long flags)
> {
> + int result;
> +
> /* We only trust the superuser with rebooting the system. */
> if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
> return -EPERM;
>
> /*
> + * Allow LSMs and IMA to differentiate between kexec_load and
> + * kexec_file_load syscalls.
> + */
> + result = security_kernel_read_file(NULL, READING_KEXEC_IMAGE);
> + if (result < 0)
> + return result;
> +
> + /*
> * Verify we have a legal set of flags
> * This leaves us room for future extensions.
> */
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
