diff options
author | Matthew Garrett <mjg59@google.com> | 2018-05-11 16:12:34 -0700 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-05-17 08:03:07 -0400 |
commit | 0c343af8065be5ceb0c03a876af7c513e960e2ff (patch) | |
tree | 908d997e4a9eaaef301fd220b9b61bc17158611f /security/integrity/ima | |
parent | 4ecd9934ba1c2edf95588a364d49ddfd85c61bd1 (diff) | |
download | op-kernel-dev-0c343af8065be5ceb0c03a876af7c513e960e2ff.zip op-kernel-dev-0c343af8065be5ceb0c03a876af7c513e960e2ff.tar.gz |
integrity: Add an integrity directory in securityfs
We want to add additional evm control nodes, and it'd be preferable not
to clutter up the securityfs root directory any further. Create a new
integrity directory, move the ima directory into it, create an evm
directory for the evm attribute and add compatibility symlinks.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_fs.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index b34cec7..ae9d5c7 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -359,6 +359,7 @@ out: } static struct dentry *ima_dir; +static struct dentry *ima_symlink; static struct dentry *binary_runtime_measurements; static struct dentry *ascii_runtime_measurements; static struct dentry *runtime_measurements_count; @@ -453,10 +454,15 @@ static const struct file_operations ima_measure_policy_ops = { int __init ima_fs_init(void) { - ima_dir = securityfs_create_dir("ima", NULL); + ima_dir = securityfs_create_dir("ima", integrity_dir); if (IS_ERR(ima_dir)) return -1; + ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima", + NULL); + if (IS_ERR(ima_symlink)) + goto out; + binary_runtime_measurements = securityfs_create_file("binary_runtime_measurements", S_IRUSR | S_IRGRP, ima_dir, NULL, @@ -496,6 +502,7 @@ out: securityfs_remove(runtime_measurements_count); securityfs_remove(ascii_runtime_measurements); securityfs_remove(binary_runtime_measurements); + securityfs_remove(ima_symlink); securityfs_remove(ima_dir); securityfs_remove(ima_policy); return -1; |