• Linus Torvalds's avatar
    Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 92d4a036
    Linus Torvalds authored
    Pull security subsystem updates from James Morris:
    
     - kstrdup() return value fix from Eric Biggers
    
     - Add new security_load_data hook to differentiate security checking of
       kernel-loaded binaries in the case of there being no associated file
       descriptor, from Mimi Zohar.
    
     - Add ability to IMA to specify a policy at build-time, rather than
       just via command line params or by loading a custom policy, from
       Mimi.
    
     - Allow IMA and LSMs to prevent sysfs firmware load fallback (e.g. if
       using signed firmware), from Mimi.
    
     - Allow IMA to deny loading of kexec kernel images, as they cannot be
       measured by IMA, from Mimi.
    
    * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
      security: check for kstrdup() failure in lsm_append()
      security: export security_kernel_load_data function
      ima: based on policy warn about loading firmware (pre-allocated buffer)
      module: replace the existing LSM hook in init_module
      ima: add build time policy
      ima: based on policy require signed firmware (sysfs fallback)
      firmware: add call to LSM hook before firmware sysfs fallback
      ima: based on policy require signed kexec kernel images
      kexec: add call to LSM hook in original kexec_load syscall
      security: define new LSM hook named security_kernel_load_data
      MAINTAINERS: remove the outdated "LINUX SECURITY MODULE (LSM) FRAMEWORK" entry
    92d4a036
ima_main.c 15.6 KB