Mimi Zohar f5acb3dcba Revert "ima: limit file hash setting by user to fix and log modes" ... Userspace applications have been modified to write security xattrs, but they are not context aware. In the case of security.ima, the security xattr can be either a file hash or a file signature. Permitting writing one, but not the other requires the application to be context aware. In addition, userspace applications might write files to a staging area, which might not be in policy, and then change some file metadata (eg. owner) making it in policy. As a result, these files are not labeled properly. This reverts commit c68ed80c97, which prevents writing file hashes as security.ima xattrs. Requested-by: Patrick Ohly <patrick.ohly@intel.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>		2016-11-13 22:50:09 -05:00
..
evm	xattr: Add __vfs_{get,set,remove}xattr helpers	2016-10-07 20:10:44 -04:00
ima	Revert "ima: limit file hash setting by user to fix and log modes"	2016-11-13 22:50:09 -05:00
digsig_asymmetric.c	X.509: Make algo identifiers text instead of enum	2016-03-03 21:49:27 +00:00
digsig.c	IMA: Use the the system trusted keyrings instead of .ima_mok	2016-04-11 22:49:15 +01:00
iint.c	integrity: add measured_pcrs field to integrity cache	2016-06-30 01:14:19 -04:00
integrity_audit.c	Merge git://git.infradead.org/users/eparis/audit	2014-04-12 12:38:53 -07:00
integrity.h	integrity: add measured_pcrs field to integrity cache	2016-06-30 01:14:19 -04:00
Kconfig	security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA	2016-04-12 19:54:58 +01:00
Makefile	integrity: make integrity files as 'integrity' module	2014-09-09 10:28:58 -04:00