Signed-off-by: Ilya Hanov <ilya.hanov@xxxxxxxxxxxxxxxxxxx>
---
 security/integrity/ima/ima.h | 2 ++
 security/integrity/ima/ima_fs.c | 1 +
 security/integrity/ima/ima_init_ima_ns.c | 1 +
 3 files changed, 4 insertions(+)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 91da4dd11390..a717be9685ed 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -14,6 +14,7 @@
 #define __LINUX_IMA_H
 #include <linux/types.h>
+#include <linux/uuid.h>
 #include <linux/crypto.h>
 #include <linux/fs.h>
 #include <linux/security.h>
@@ -176,6 +177,7 @@ struct ima_namespace {
 */
 int ima_extra_slots;
 struct vpcr_entry vpcr;
+ uuid_t uuid;
 } __randomize_layout;
 extern struct ima_namespace init_ima_ns;
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index d2dc7749949b..cf9164d31599 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -635,6 +635,7 @@ static int vpcr_show(struct seq_file *m, void *v)
 vpcr);
 ima_putc(m, "cPCR: ", strlen("cPCR: "));
+ ima_putc(m, curr_ns->uuid.b, UUID_SIZE);
 ima_putc(m, vpcr->vpcr_tmp, SHA256_DIGEST_SIZE);
 memcpy(buf, &temp_vpcr_hash.digest, SHA256_DIGEST_SIZE);
diff --git a/security/integrity/ima/ima_init_ima_ns.c b/security/integrity/ima/ima_init_ima_ns.c
index f22062b70977..33e6a18dc560 100644
--- a/security/integrity/ima/ima_init_ima_ns.c
+++ b/security/integrity/ima/ima_init_ima_ns.c
@@ -71,6 +71,7 @@ int ima_init_namespace(struct ima_namespace *ns)
 mutex_unlock(&vpcr_list_mutex);
 }
+ generate_random_uuid(ns->uuid.b);
 get_random_bytes(&ns->vpcr.secret, sizeof(ns->vpcr.secret));
 set_bit(IMA_NS_ACTIVE, &ns->ima_ns_flags);
-- 
2.17.1
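Review bot: The new `uuid_t uuid;` member of struct ima_namespace (second ima.h hunk) has no comment, while the neighbouring `ima_extra_slots` member appears to have one. A reader cannot tell from the header what the value identifies or where it is set. A trailing comment would cover it, for example `uuid_t uuid; /* random per-namespace ID, generated in ima_init_namespace() and emitted by vpcr_show() */`. The struct definition starts outside the hunk.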
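Review bot: The added `ima_putc(m, curr_ns->uuid.b, UUID_SIZE);` in vpcr_show places 16 raw bytes between the "cPCR: " label and the SHA-256 digest. Any existing reader that expects the digest directly after the label will now parse UUID bytes as digest data. The record layout should be documented at the write site, for example `/* record: "cPCR: " | uuid[UUID_SIZE] | vpcr_tmp[SHA256_DIGEST_SIZE] */`, and in the interface documentation if this file is consumed by userspace. Nothing in the visible lines folds the UUID into the digest, so a verifier would presumably have to treat it as an unauthenticated label unless it is covered elsewhere; this is worth confirming. vpcr_show starts and ends outside the hunk.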
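Review bot: The added call in ima_init_namespace reaches into the `b` array of the `uuid_t` rather than using the typed helper. `uuid_gen(&ns->uuid);` produces the same random UUID and keeps the byte layout out of the caller. It cannot be told from the visible lines whether this function also runs for init_ima_ns early in boot. If it does, both the UUID and the existing `get_random_bytes()` secret depend on the RNG already being seeded at that point, which should be confirmed. The function body starts and ends outside the hunk.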