korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
2fea0c26b8
linux/security
History
Fan Wu 2fea0c26b8 initramfs,lsm: add a security hook to do_populate_rootfs() 
This patch introduces a new hook to notify security system that the
content of initramfs has been unpacked into the rootfs.

Upon receiving this notification, the security system can activate
a policy to allow only files that originated from the initramfs to
execute or load into kernel during the early stages of booting.

This approach is crucial for minimizing the attack surface by
ensuring that only trusted files from the initramfs are operational
in the critical boot phase.

Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-08-20 14:01:41 -04:00
..
apparmor lsm: infrastructure management of the sock security 2024-07-29 16:54:50 -04:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity lsm: add the inode_free_security_rcu() LSM implementation hook 2024-08-12 15:35:04 -04:00
ipe ipe: add LSM hooks on execution and kernel read 2024-08-20 14:01:33 -04:00
keys Performance events changes for v6.11: 2024-07-16 17:13:31 -07:00
landlock lsm: add the inode_free_security_rcu() LSM implementation hook 2024-08-12 15:35:04 -04:00
loadpin hardening fixes for v6.10-rc1 2024-05-24 08:33:44 -07:00
lockdown lockdown: Make lockdown_lsmid static 2024-08-15 12:11:42 -04:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux lsm: Refactor return value of LSM hook inode_copy_up_xattr 2024-07-31 14:47:09 -04:00
smack lsm: Refactor return value of LSM hook inode_copy_up_xattr 2024-07-31 14:47:09 -04:00
tomoyo tomoyo: update project links 2024-06-03 22:43:11 +09:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: Refactor return value of LSM hook vm_enough_memory 2024-07-31 14:46:51 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
Kconfig.hardening Revert "mm: init_mlocked_on_free_v3" 2024-06-15 10:43:05 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c initramfs,lsm: add a security hook to do_populate_rootfs() 2024-08-20 14:01:41 -04:00