1
0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-10-25 19:30:49 +02:00

libimaevm: Remove calculation of a digest over a symbolic link

Signature verification on symbolic links is not supported by IMA in the
kernel, so remove the calculation of digests over symbolic links.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Stefan Berger
2021-07-08 12:04:08 -04:00
committed by Mimi Zohar
parent a5a03d5454
commit fd40ff5dd5

View File

@@ -177,20 +177,6 @@ out:
return err;
}
static int add_link_hash(const char *path, EVP_MD_CTX *ctx)
{
int len;
char buf[1024];
len = readlink(path, buf, sizeof(buf));
/* 0-length links are also an error */
if (len <= 0)
return -1;
log_info("link: %s -> %.*s\n", path, len, buf);
return !EVP_DigestUpdate(ctx, buf, len);
}
int ima_calc_hash(const char *file, uint8_t *hash)
{
const EVP_MD *md;
@@ -231,9 +217,6 @@ int ima_calc_hash(const char *file, uint8_t *hash)
case S_IFREG:
err = add_file_hash(file, pctx);
break;
case S_IFLNK:
err = add_link_hash(file, pctx);
break;
default:
log_err("Unsupported file type (0x%x)", st.st_mode & S_IFMT);
err = -1;