OpenCloudOS-Kernel

Commit Graph

Author	SHA1	Message	Date
Ke Wu	0ff9848067	security/loadpin: Allow to exclude specific file types Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to make sure loaded kernel module and kernel image are trusted. This patch adds a kernel command line option "loadpin.exclude" which allows to exclude specific file types from LoadPin. This is useful when people want to use different mechanisms to verify module and kernel image while still use LoadPin to protect the integrity of other files kernel loads. Signed-off-by: Ke Wu <mikewu@google.com> Reviewed-by: James Morris <jamorris@linux.microsoft.com> [kees: fix array size issue reported by Coverity via Colin Ian King] Signed-off-by: Kees Cook <keescook@chromium.org>	2019-05-31 13:57:40 -07:00
Kees Cook	30da4f77aa	doc: ReSTify LoadPin.txt Adjusts for ReST markup and moves under LSM admin guide. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>	2017-05-18 10:33:12 -06:00

Author

SHA1

Message

Date

Ke Wu

0ff9848067

security/loadpin: Allow to exclude specific file types

Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to
make sure loaded kernel module and kernel image are trusted. This
patch adds a kernel command line option "loadpin.exclude" which
allows to exclude specific file types from LoadPin. This is useful
when people want to use different mechanisms to verify module and
kernel image while still use LoadPin to protect the integrity of
other files kernel loads.

Signed-off-by: Ke Wu <mikewu@google.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
[kees: fix array size issue reported by Coverity via Colin Ian King]
Signed-off-by: Kees Cook <keescook@chromium.org>

2019-05-31 13:57:40 -07:00

Kees Cook

30da4f77aa

doc: ReSTify LoadPin.txt

Adjusts for ReST markup and moves under LSM admin guide.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2017-05-18 10:33:12 -06:00

2 Commits