I have another question about measuring modules. Why did not you measuring executable files just like measuring modules?
------------------ Original ------------------
Date: Tue, Nov 3, 2009 03:01 PM
Subject: question about measure modules
I am reading ima sourecode, why the "ima_measure_kernel_module" function does not be called by any function?
On Tue, 2009-11-03 at 16:53 +0800, zhangkai wrote:
> I have another question about measuring modules. Why did not you
> measuring executable files just like measuring modules?
The version of IMA distributed from this website is an LSM module,
meaning it uses the LSM hooks defined in include/linux/security.h. As
there is no LSM hook available when loading a kernel module, IMA defined
one. The call for ima_measure_module() is in kernel/module.c.
As of linux-2.6.30, IMA is now supported in the kernel. For more
information refer to http://linux-ima.sourceforge.net