On Jan 15, 2024 Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote: > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the path_post_mknod hook. > > IMA-appraisal requires all existing files in policy to have a file > hash/signature stored in security.ima. An exception is made for empty files > created by mknod, by tagging them as new files. > > LSMs could also take some action after files are created. > > The new hook cannot return an error and cannot cause the operation to be > reverted. > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > --- > fs/namei.c | 5 +++++ > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 5 +++++ > security/security.c | 14 ++++++++++++++ > 4 files changed, 26 insertions(+) Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul-moore.com
