linux/security/integrity/ima
Mimi Zohar f5acb3dcba Revert "ima: limit file hash setting by user to fix and log modes"
Userspace applications have been modified to write security xattrs,
but they are not context aware.  In the case of security.ima, the
security xattr can be either a file hash or a file signature.
Permitting writing one, but not the other requires the application to
be context aware.

In addition, userspace applications might write files to a staging
area, which might not be in policy, and then change some file metadata
(e.g. owner) making it in policy.  As a result, these files are not
labeled properly.

This reverts commit c68ed80c97, which
prevents writing file hashes as security.ima xattrs.

Requested-by: Patrick Ohly <patrick.ohly@intel.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-11-13 22:50:09 -05:00
ima_api.c ima: change integrity cache to store measured pcr 2016-06-30 01:14:22 -04:00
ima_appraise.c Revert "ima: limit file hash setting by user to fix and log modes" 2016-11-13 22:50:09 -05:00
ima_crypto.c ima: calculate the hash of a buffer using asynchronous hash(ahash) 2016-02-18 17:14:44 -05:00
ima_fs.c ima: fix memory leak in ima_release_policy 2016-11-13 22:50:08 -05:00
ima_init.c ima: include pcr for each measurement log entry 2016-06-30 01:14:21 -04:00
ima_main.c ima: use file_dentry() 2016-09-16 12:44:20 +02:00
ima_mok.c IMA: Use the system trusted keyrings instead of .ima_mok 2016-04-11 22:49:15 +01:00
ima_policy.c ima: extend ima_get_action() to return the policy pcr 2016-06-30 01:14:20 -04:00
ima_queue.c ima: extend the measurement entry specific pcr 2016-06-30 01:14:22 -04:00
ima_template_lib.c ima: separate 'security.ima' reading functionality from collect 2016-02-18 17:13:32 -05:00
ima_template_lib.h ima: wrap event related data to the new ima_event_data structure 2015-05-21 13:59:28 -04:00
ima_template.c ima: separate 'security.ima' reading functionality from collect 2016-02-18 17:13:32 -05:00
ima.h ima: include pcr for each measurement log entry 2016-06-30 01:14:21 -04:00
Kconfig IMA: Use the system trusted keyrings instead of .ima_mok 2016-04-11 22:49:15 +01:00
Makefile IMA: Use the system trusted keyrings instead of .ima_mok 2016-04-11 22:49:15 +01:00