On Mon, Jan 15, 2024 at 07:17:58PM +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the path_post_mknod hook. > > IMA-appraisal requires all existing files in policy to have a file > hash/signature stored in security.ima. An exception is made for empty files > created by mknod, by tagging them as new files. > > LSMs could also take some action after files are created. > > The new hook cannot return an error and cannot cause the operation to be > reverted. > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > --- > fs/namei.c | 5 +++++ Acked-by: Christian Brauner <brauner@xxxxxxxxxx>
