mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 23:25:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/integrity
History
Jeff Layton db1d1e8b98 IMA: use vfs_getattr_nosec to get the i_version 
IMA currently accesses the i_version out of the inode directly when it
does a measurement. This is fine for most simple filesystems, but can be
problematic with more complex setups (e.g. overlayfs).

Make IMA instead call vfs_getattr_nosec to get this info. This allows
the filesystem to determine whether and how to report the i_version, and
should allow IMA to work properly with a broader class of filesystems in
the future.

Reported-and-Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-05-23 18:07:34 -04:00
..
evm integrity-v6.3 2023-02-22 12:36:25 -08:00
ima IMA: use vfs_getattr_nosec to get the i_version 2023-05-23 18:07:34 -04:00
platform_certs integrity/powerpc: Support loading keys from PLPKS 2023-02-13 22:34:44 +11:00
digsig.c integrity: machine keyring CA configuration 2023-04-24 16:15:53 +03:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
iint.c Revert "integrity: double check iint_cache was initialized" 2023-03-10 18:33:52 -05:00
integrity.h ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
Kconfig integrity: machine keyring CA configuration 2023-04-24 16:15:53 +03:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00