ima: based on policy require signed kexec kernel images (16c267aa) · Commits · 方亚芬 / linux

Commit 16c267aa authored Jul 13, 2018 by

Mimi Zohar Committed by James Morris Jul 16, 2018

ima: based on policy require signed kexec kernel images

The original kexec_load syscall can not verify file signatures, nor can
the kexec image be measured.  Based on policy, deny the kexec_load
syscall.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>

parent a210fd32

Hide whitespace changes

Inline Side-by-side

Please register or to comment