[0/2] fsverity: killswitch sysctl

Message ID	cover.1651184207.git.boris@bur.io (mailing list archive)
Headers	show Return-Path: <linux-fscrypt-owner@kernel.org> From: Boris Burkov <boris@bur.io> To: linux-fscrypt@vger.kernel.org, kernel-team@fb.com Subject: [PATCH 0/2] fsverity: killswitch sysctl Date: Thu, 28 Apr 2022 15:19:18 -0700 Message-Id: <cover.1651184207.git.boris@bur.io> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	fsverity: killswitch sysctl \| expand [0/2] fsverity: killswitch sysctl [1/2] fsverity: factor out sysctl from signature.c [2/2] fsverity: add mode sysctl

Message ID

cover.1651184207.git.boris@bur.io (mailing list archive)

Headers

From: Boris Burkov <boris@bur.io>
To: linux-fscrypt@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH 0/2] fsverity: killswitch sysctl
Date: Thu, 28 Apr 2022 15:19:18 -0700
Message-Id: <cover.1651184207.git.boris@bur.io>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

fsverity: killswitch sysctl | expand

Message

Boris Burkov April 28, 2022, 10:19 p.m. UTC

These patches add a new fs-verity sysctl that allows the administrator
to set verity in a log-only audit mode or disable it entirely.

Boris Burkov (2):
  fsverity: factor out sysctl from signature.c
  fsverity: add mode sysctl

 fs/verity/Makefile           |   2 +
 fs/verity/enable.c           |   3 +
 fs/verity/fsverity_private.h |  24 ++++++++
 fs/verity/init.c             |   7 ++-
 fs/verity/measure.c          |   3 +
 fs/verity/open.c             |  14 ++++-
 fs/verity/read_metadata.c    |   3 +
 fs/verity/signature.c        |  68 +++++-----------------
 fs/verity/sysctl.c           | 110 +++++++++++++++++++++++++++++++++++
 fs/verity/verify.c           |  34 ++++++++++-
 include/linux/fsverity.h     |   4 +-
 11 files changed, 210 insertions(+), 62 deletions(-)
 create mode 100644 fs/verity/sysctl.c