mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security
History
Linus Torvalds 6c1dd1fe5d integrity-v6.8 
-----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCZZ0pVhQcem9oYXJAbGlu
 dXguaWJtLmNvbQAKCRDLwZzRsCrn5RVMAQDm9J+iiY/2Af75vOTKIZXtGF6KsBpx
 9b9ALPqPNZPgugD+PfwSbS+6rO8AItXE0Q2+FwtDaV8LxgSwK9vGeCHI2wM=
 =yinc
 -----END PGP SIGNATURE-----

Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:

 - Add a new IMA/EVM maintainer and reviewer

 - Disable EVM on overlayfs

   The EVM HMAC and the original file signatures contain filesystem
   specific metadata (e.g. i_ino, i_generation and s_uuid), preventing
   the security.evm xattr from directly being copied up to the overlay.
   Further before calculating and writing out the overlay file's EVM
   HMAC, EVM must first verify the existing backing file's
   'security.evm' value.

   For now until a solution is developed, disable EVM on overlayfs.

 - One bug fix and two cleanups

* tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  overlay: disable EVM
  evm: add support to disable EVM on unsupported filesystems
  evm: don't copy up 'security.evm' xattr
  MAINTAINERS: Add Eric Snowberg as a reviewer to IMA
  MAINTAINERS: Add Roberto Sassu as co-maintainer to IMA and EVM
  KEYS: encrypted: Add check for strsep
  ima: Remove EXPERIMENTAL from Kconfig
  ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
 		2024-01-09 13:24:06 -08:00
..
apparmor lsm/stable-6.8 PR 20240105 2024-01-09 12:57:46 -08:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity integrity-v6.8 2024-01-09 13:24:06 -08:00
keys integrity-v6.8 2024-01-09 13:24:06 -08:00
landlock Landlock updates for v6.8-rc1 2024-01-09 13:22:15 -08:00
loadpin lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux lsm/stable-6.8 PR 20240105 2024-01-09 12:57:46 -08:00
smack lsm: new security_file_ioctl_compat() hook 2023-12-24 15:48:03 -05:00
tomoyo lsm: new security_file_ioctl_compat() hook 2023-12-24 15:48:03 -05:00
yama lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c LSM: Helpers for attribute names and filling lsm_ctx 2023-11-12 22:54:42 -05:00
min_addr.c
security.c integrity-v6.8 2024-01-09 13:24:06 -08:00