ima: instantiate the bprm_creds_for_exec() hook - kernel

diff options

author	Mimi Zohar <[email protected]>	2024-12-12 17:42:23 +0000
committer	Kees Cook <[email protected]>	2024-12-19 01:00:29 +0000
commit	95b3cdafd7cb74414070893445a9b731793f7b55 (patch)
tree	0b9a65ed7456098af3d0263f893159a6bf4c11c3 /drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c
parent	samples/check-exec: Add an enlighten "inc" interpreter and 28 tests (diff)
download	kernel-95b3cdafd7cb74414070893445a9b731793f7b55.tar.gz kernel-95b3cdafd7cb74414070893445a9b731793f7b55.zip

ima: instantiate the bprm_creds_for_exec() hook

Like direct file execution (e.g. ./script.sh), indirect file execution (e.g. sh script.sh) needs to be measured and appraised. Instantiate the new security_bprm_creds_for_exec() hook to measure and verify the indirect file's integrity. Unlike direct file execution, indirect file execution is optionally enforced by the interpreter. Differentiate kernel and userspace enforced integrity audit messages. Co-developed-by: Roberto Sassu <[email protected]> Signed-off-by: Roberto Sassu <[email protected]> Signed-off-by: Mimi Zohar <[email protected]> Tested-by: Stefan Berger <[email protected]> Reviewed-by: Mickaël Salaün <[email protected]> Signed-off-by: Mickaël Salaün <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Kees Cook <[email protected]>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: