mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/integrity/ima
History
Linus Torvalds 6c1dd1fe5d integrity-v6.8 
-----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCZZ0pVhQcem9oYXJAbGlu
 dXguaWJtLmNvbQAKCRDLwZzRsCrn5RVMAQDm9J+iiY/2Af75vOTKIZXtGF6KsBpx
 9b9ALPqPNZPgugD+PfwSbS+6rO8AItXE0Q2+FwtDaV8LxgSwK9vGeCHI2wM=
 =yinc
 -----END PGP SIGNATURE-----

Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:

 - Add a new IMA/EVM maintainer and reviewer

 - Disable EVM on overlayfs

   The EVM HMAC and the original file signatures contain filesystem
   specific metadata (e.g. i_ino, i_generation and s_uuid), preventing
   the security.evm xattr from directly being copied up to the overlay.
   Further before calculating and writing out the overlay file's EVM
   HMAC, EVM must first verify the existing backing file's
   'security.evm' value.

   For now until a solution is developed, disable EVM on overlayfs.

 - One bug fix and two cleanups

* tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  overlay: disable EVM
  evm: add support to disable EVM on unsupported filesystems
  evm: don't copy up 'security.evm' xattr
  MAINTAINERS: Add Eric Snowberg as a reviewer to IMA
  MAINTAINERS: Add Roberto Sassu as co-maintainer to IMA and EVM
  KEYS: encrypted: Add check for strsep
  ima: Remove EXPERIMENTAL from Kconfig
  ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
 		2024-01-09 13:24:06 -08:00
..
Kconfig ima: Remove EXPERIMENTAL from Kconfig 2023-11-27 12:44:47 -05:00
Makefile ima: generalize x86/EFI arch glue for other EFI architectures 2020-11-06 07:40:42 +01:00
ima.h integrity-v6.3 2023-02-22 12:36:25 -08:00
ima_api.c ima: detect changes to the backing overlay file 2023-10-31 08:22:36 -04:00
ima_appraise.c integrity: Always reference the blacklist keyring with appraisal 2023-08-01 08:17:25 -04:00
ima_asymmetric_keys.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
ima_crypto.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-01-08 15:27:15 -08:00
ima_efi.c ima: require signed IMA policy when UEFI secure boot is enabled 2023-08-01 08:18:11 -04:00
ima_fs.c ima: Return error code obtained from securityfs functions 2022-02-15 11:17:01 -05:00
ima_init.c ima: define ima_max_digest_data struct without a flexible array variable 2022-02-15 11:52:06 -05:00
ima_kexec.c kexec_file: print out debugging message if required 2023-12-20 15:02:57 -08:00
ima_main.c ima: detect changes to the backing overlay file 2023-10-31 08:22:36 -04:00
ima_modsig.c ima: Add __counted_by for struct modsig and use struct_size() 2023-10-20 10:52:41 -07:00
ima_mok.c IMA: remove -Wmissing-prototypes warning 2021-07-23 08:05:06 -04:00
ima_policy.c integrity-v6.6 2023-08-30 09:16:56 -07:00
ima_queue.c IMA: support for duplicate measurement records 2021-06-11 12:54:13 -04:00
ima_queue_keys.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
ima_template.c ima: Fix misuse of dereference of pointer in template_desc_init_fields() 2022-11-16 11:47:55 -05:00
ima_template_lib.c fs: port ->permission() to pass mnt_idmap 2023-01-19 09:24:28 +01:00
ima_template_lib.h ima: define a new template field named 'd-ngv2' and templates 2022-05-05 11:49:13 -04:00