[RFC PATCH v2 00/11] vfss: support for a common kernel file loader

Luis R. Rodriguez mcgrof at suse.com
Thu Jan 21 12:16:53 PST 2016


On Mon, Jan 18, 2016 at 10:11:15AM -0500, Mimi Zohar wrote:
> For a while it was looked down upon to directly read files from Linux.
> These days there exist a few mechanisms in the kernel that do just this,
> though, to load a file into a local buffer. There are minor but important
> check differences on each; we should take all the best practices from
> each of them, generalize them and make all places in the kernel that
> read a file use it.[1]
> 
> One difference is the method for opening the file.  In some cases we
> have a file, while in other cases we have a pathname or a file descriptor.
> 
> Another difference is the security hook calls, or lack of them.  In
> some versions there is a post file read hook, while in others there
> is a pre file read hook.
> 
> This patch set is the first attempt at resolving these differences.  It
> does not attempt to merge the different methods of opening a file, but
> defines a single common kernel file read function with two wrappers.
> Although this patch set defines two new security hooks for pre and post
> file read, it does not attempt to merge the existing security hooks.
> That is left as future work.
> 
> Changelog v2:
> - Combined the "ima: measuring/appraising files read by the kernel" patches
> with this patch set to simplify review.
> - Split the "ima: measure and appraise kexec image and initramfs" patch to
> separate IMA from the kexec changes.
> 
> The latest version of these patches can be found in the next-kernel-read-v2
> branch of:
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> 
> [1] Taken from Luis Rodriguez's wiki -
> http://kernelnewbies.org/KernelProjects/common-kernel-loader

Did the 0-day bot get a chance to test this tree? If not, can it
be added?

  Luis


