On 9/4/23 09:34, Roberto Sassu wrote:
From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_pre_free_security hook. It is useful for IMA to calculate the digest of the file content, just before a file descriptor is closed, and update the security.ima xattr with the new value. LSMs should use this hook instead of file_free_security, if they still need to access the opened file, before it is closed. The new hook cannot return an error and cannot cause the operation to be canceled. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
