*/
int ima_module_check(struct file *file)
{
- if (!file)
- return -EACCES; /* INTEGRITY_UNKNOWN */
+ if (!file) {
+#ifndef CONFIG_MODULE_SIG_FORCE
+ if (ima_appraise & IMA_APPRAISE_MODULES)
+ return -EACCES; /* INTEGRITY_UNKNOWN */
+#endif
+ return 0; /* We rely on module signature checking */
+ }
return process_measurement(file, file->f_dentry->d_name.name,
MAY_EXEC, MODULE_CHECK);
}