Mimi Zohar a7f2a366f6 ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall ... The new kernel module syscall appraises kernel modules based on policy. If the IMA policy requires kernel module checking, fallback to module signature enforcing for the existing syscall. Without CONFIG_MODULE_SIG_FORCE enabled, the kernel module's integrity is unknown, return -EACCES. Changelog v1: - Fix ima_module_check() return result (Tetsuo Handa) Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>		2012-12-24 09:35:48 -05:00
..
apparmor	apparmor: fix IRQ stack overflow during free_profile	2012-10-25 02:12:50 +11:00
integrity	ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall	2012-12-24 09:35:48 -05:00
keys	keys: fix unreachable code	2012-12-20 17:40:21 -08:00
selinux	bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB	2012-12-15 17:14:38 -08:00
smack	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2012-12-16 15:40:50 -08:00
tomoyo	consitify do_mount() arguments	2012-10-11 20:02:04 -04:00
yama	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace	2012-12-17 15:44:47 -08:00
capability.c	security: introduce kernel_module_from_file hook	2012-12-14 13:05:24 +10:30
commoncap.c	Fix cap_capable to only allow owners in the parent user namespace to have caps.	2012-12-14 13:50:32 -08:00
device_cgroup.c	cgroup: rename ->create/post_create/pre_destroy/destroy() to ->css_alloc/online/offline/free()	2012-11-19 08:13:38 -08:00
inode.c
Kconfig	KEYS: Move the key config into security/keys/Kconfig	2012-05-11 10:56:56 +01:00
lsm_audit.c	LSM: BUILD_BUG_ON if the common_audit_data union ever grows	2012-04-09 12:23:03 -04:00
Makefile
min_addr.c
security.c	ima: support new kernel module syscall	2012-12-14 13:05:26 +10:30