linux-stable/security/integrity/ima
Mimi Zohar d77ccdc644 ima: re-evaluate files on privileged mounted filesystems
This patch addresses the fuse privileged mounted filesystems in a "secure"
environment, with a correctly enforced security policy, which is willing
to assume the inherent risk of specific fuse filesystems that are well
defined and properly implemented.

As there is no way for the kernel to detect file changes, the kernel
ignores the cached file integrity results and re-measures, re-appraises,
and re-audits the file.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-03-23 06:31:37 -04:00
ima.h IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
ima_api.c IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
ima_appraise.c ima: fail file signature verification on non-init mounted filesystems 2018-03-23 06:31:37 -04:00
ima_crypto.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_fs.c ima: Fix bool initialization/comparison 2017-11-08 15:16:36 -05:00
ima_init.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_kexec.c ima: define a canonical binary_runtime_measurements list format 2016-12-20 09:48:45 -08:00
ima_main.c ima: re-evaluate files on privileged mounted filesystems 2018-03-23 06:31:37 -04:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
ima_queue.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_template.c ima: Fix line continuation format 2017-12-18 09:43:47 -05:00
ima_template_lib.c ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
Kconfig IMA: Correct Kconfig dependencies for hash selection 2017-06-21 14:37:12 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00