|
|
Log in / Subscribe / Register

fsverity: killswitch sysctl

From:  Boris Burkov <boris-AT-bur.io>
To:  linux-fscrypt-AT-vger.kernel.org, kernel-team-AT-fb.com
Subject:  [PATCH 0/2] fsverity: killswitch sysctl
Date:  Thu, 28 Apr 2022 15:19:18 -0700
Message-ID:  <cover.1651184207.git.boris@bur.io>
Archive-link:  Article

These patches add a new fs-verity sysctl that allows the administrator
to set verity in a log-only audit mode or disable it entirely.

Boris Burkov (2):
  fsverity: factor out sysctl from signature.c
  fsverity: add mode sysctl

 fs/verity/Makefile           |   2 +
 fs/verity/enable.c           |   3 +
 fs/verity/fsverity_private.h |  24 ++++++++
 fs/verity/init.c             |   7 ++-
 fs/verity/measure.c          |   3 +
 fs/verity/open.c             |  14 ++++-
 fs/verity/read_metadata.c    |   3 +
 fs/verity/signature.c        |  68 +++++-----------------
 fs/verity/sysctl.c           | 110 +++++++++++++++++++++++++++++++++++
 fs/verity/verify.c           |  34 ++++++++++-
 include/linux/fsverity.h     |   4 +-
 11 files changed, 210 insertions(+), 62 deletions(-)
 create mode 100644 fs/verity/sysctl.c

-- 
2.30.2

Copyright © 2022, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds