16c267aac86b463b1fcccd43c89f4c8e5c5c86fa - SHIFTPHONES/mainline/linux

commit	16c267aac86b463b1fcccd43c89f4c8e5c5c86fa	[log] [tgz]
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	Fri Jul 13 14:05:58 2018 -0400
committer	James Morris <james.morris@microsoft.com>	Mon Jul 16 12:31:57 2018 -0700
tree	550e6fcb00d732a3c018b3258302f8ffd61a4379
parent	a210fd32a46bae6d05b43860fe3b47732501d63b [diff]

ima: based on policy require signed kexec kernel images

The original kexec_load syscall can not verify file signatures, nor can
the kexec image be measured.  Based on policy, deny the kexec_load
syscall.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>

include/linux/ima.h[diff]
security/integrity/ima/ima.h[diff]
security/integrity/ima/ima_main.c[diff]
security/integrity/ima/ima_policy.c[diff]
security/security.c[diff]

5 files changed

tree: 550e6fcb00d732a3c018b3258302f8ffd61a4379