For now a child namespace uses the same tpm chip descriptor
from init namespace.
Signed-off-by: Denis Semakin <denis.semakin@xxxxxxxxxx>
---
security/integrity/ima/ima_init_ima_ns.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/security/integrity/ima/ima_init_ima_ns.c b/security/integrity/ima/ima_init_ima_ns.c
index d29d113a322c..8093c61697a4 100644
--- a/security/integrity/ima/ima_init_ima_ns.c
+++ b/security/integrity/ima/ima_init_ima_ns.c
@@ -58,6 +58,14 @@ int ima_init_namespace(struct ima_namespace *ns)
mutex_init(&vpcr_list_mutex);
list_add(&ns->vpcr.list, &vpcr_list);
} else {
+ /**
+ * Here we just assign tpm_chip from init_ima_ns
+ * with new IMA namespace.
+ * In future a new API should be used I think
+ * Stefan's ima_ns_set_tpm_chip() and etc. to get
+ * TPM chip descriptor and provider.
+ */
+ ns->ima_tpm_chip = init_ima_ns.ima_tpm_chip;
mutex_lock(&vpcr_list_mutex);
list_add_tail(&ns->vpcr.list, &vpcr_list);
mutex_unlock(&vpcr_list_mutex);
--
2.38.GIT
