Dmitry Kasatkin c9cd2ce2bc integrity: provide a hook to load keys when rootfs is ready ... Keys can only be loaded once the rootfs is mounted. Initcalls are not suitable for that. This patch defines a special hook to load the x509 public keys onto the IMA keyring, before attempting to access any file. The keys are required for verifying the file's signature. The hook is called after the root filesystem is mounted and before the kernel calls 'init'. Changes in v3: * added more explanation to the patch description (Mimi) Changes in v2: * Hook renamed as 'integrity_load_keys()' to handle both IMA and EVM keys by integrity subsystem. * Hook patch moved after defining loading functions Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>		2014-11-17 23:12:01 -05:00
..
apparmor	sched: move no_new_privs into new atomic flags	2014-07-18 12:13:38 -07:00
integrity	integrity: provide a hook to load keys when rootfs is ready	2014-11-17 23:12:01 -05:00
keys	KEYS: Make the key matching functions return bool	2014-09-16 17:36:08 +01:00
selinux	selinux: normalize audit log formatting	2014-09-22 17:02:10 -04:00
smack	Make Smack operate on smack_known struct where it still used char*	2014-08-29 10:10:55 -07:00
tomoyo	get rid of pointless checks for NULL ->i_op	2014-04-01 23:19:16 -04:00
yama
capability.c	security: introduce kernel_fw_from_file hook	2014-07-25 11:47:45 -07:00
commoncap.c	CAPABILITIES: remove undefined caps from all processes	2014-07-24 21:53:47 +10:00
device_cgroup.c	device_cgroup: use css_has_online_children() instead of has_children()	2014-05-16 13:22:52 -04:00
inode.c
Kconfig
lsm_audit.c	audit: anchor all pid references in the initial pid namespace	2014-03-20 10:11:55 -04:00
Makefile
min_addr.c
security.c	ima: add support for measuring and appraising firmware	2014-07-25 11:47:46 -07:00