mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-29 23:53:32 +00:00
d77ccdc644
This patch addresses the fuse privileged mounted filesystems in a "secure" environment, with a correctly enforced security policy, which is willing to assume the inherent risk of specific fuse filesystems that are well defined and properly implemented. As there is no way for the kernel to detect file changes, the kernel ignores the cached file integrity results and re-measures, re-appraises, and re-audits the file. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Seth Forshee <seth.forshee@canonical.com> Cc: Dongsu Park <dongsu@kinvolk.io> Cc: Alban Crequy <alban@kinvolk.io> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
---|---|---|
.. | ||
ima.h | ||
ima_api.c | ||
ima_appraise.c | ||
ima_crypto.c | ||
ima_fs.c | ||
ima_init.c | ||
ima_kexec.c | ||
ima_main.c | ||
ima_mok.c | ||
ima_policy.c | ||
ima_queue.c | ||
ima_template.c | ||
ima_template_lib.c | ||
ima_template_lib.h | ||
Kconfig | ||
Makefile |