On Mon, Jan 15, 2024 at 07:17:58PM +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sa...@huawei.com> > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the path_post_mknod hook. > > IMA-appraisal requires all existing files in policy to have a file > hash/signature stored in security.ima. An exception is made for empty files > created by mknod, by tagging them as new files. > > LSMs could also take some action after files are created. > > The new hook cannot return an error and cannot cause the operation to be > reverted. > > Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com> > Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > Reviewed-by: Mimi Zohar <zo...@linux.ibm.com> > --- > fs/namei.c | 5 +++++
Acked-by: Christian Brauner <brau...@kernel.org>
