]> www.infradead.org Git - users/jedix/linux-maple.git/commit
lsm: add security_inode_setintegrity() hook
authorFan Wu <wufan@linux.microsoft.com>
Sat, 3 Aug 2024 06:08:28 +0000 (23:08 -0700)
committerPaul Moore <paul@paul-moore.com>
Tue, 20 Aug 2024 18:02:58 +0000 (14:02 -0400)
commitfb55e177d5936fb80fb2586036d195c57e7f6892
tree0d6854ff38a9ee6d6332e1a1d1975f8da65e4309
parente155858dd99523d4afe0f74e9c26e4f4499eb5af
lsm: add security_inode_setintegrity() hook

This patch introduces a new hook to save inode's integrity
data. For example, for fsverity enabled files, LSMs can use this hook to
save the existence of verified fsverity builtin signature into the inode's
security blob, and LSMs can make access decisions based on this data.

Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak, removed changelog]
Signed-off-by: Paul Moore <paul@paul-moore.com>
include/linux/lsm_hook_defs.h
include/linux/security.h
security/security.c