• Dmitry Kasatkin's avatar
    ima: read and use signature hash algorithm · d3634d0f
    Dmitry Kasatkin authored
    All files on the filesystem, currently, are hashed using the same hash
    algorithm.  In preparation for files from different packages being
    signed using different hash algorithms, this patch adds support for
    reading the signature hash algorithm from the 'security.ima' extended
    attribute and calculates the appropriate file data hash based on it.
    
    Changelog:
    - fix scripts Lindent and checkpatch msgs - Mimi
    - fix md5 support for older version, which occupied 20 bytes in the
      xattr, not the expected 16 bytes.  Fix the comparison to compare
      only the first 16 bytes.
    Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    d3634d0f
ima_appraise.c 8.27 KB