security: Introduce file_release hook
author Roberto Sassu <roberto.sassu@huawei.com>
Thu, 15 Feb 2024 10:31:01 +0000 (11:31 +0100)
committer Paul Moore <paul@paul-moore.com>
Fri, 16 Feb 2024 04:43:43 +0000 (23:43 -0500)
commit f09068b5a114ed28d2df2e82a7d30dde0145dc69
tree 4715033da382ada0ce040640f58a84fe9be26b81
parent 8f46ff5767b0b18329140d80d6bcabd818f42c4c
security: Introduce file_release hook

In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_release hook.

IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.

The new hook cannot return an error and cannot cause the operation to be
reverted.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
fs/file_table.c
include/linux/lsm_hook_defs.h
include/linux/security.h
security/security.c