linux/fs/overlayfs
Linus Torvalds 353ad6c083 integrity-v6.10
-----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCZkQD2xQcem9oYXJAbGlu
 dXguaWJtLmNvbQAKCRDLwZzRsCrn5b81APwINCoiLDB0L9KkyUhQjqvLLZCS85u9
 Qo3/wdUGAb2tygD/RYKJgtGxvqO1Ap1IysytKHId0yo+vokdXG5stpMPJQE=
 =dIrw
 -----END PGP SIGNATURE-----

Merge tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:
 "Two IMA changes, one EVM change, a use after free bug fix, and a code
  cleanup to address "-Wflex-array-member-not-at-end" warnings:

   - The existing IMA {ascii, binary}_runtime_measurements lists include
     a hard coded SHA1 hash. To address this limitation, define per TPM
     enabled hash algorithm {ascii, binary}_runtime_measurements lists

   - Close an IMA integrity init_module syscall measurement gap by
     defining a new critical-data record

   - Enable (partial) EVM support on stacked filesystems (overlayfs).
     Only EVM portable & immutable file signatures are copied up, since
     they do not contain filesystem specific metadata"

* tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: add crypto agility support for template-hash algorithm
  evm: Rename is_unsupported_fs to is_unsupported_hmac_fs
  fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
  evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
  ima: re-evaluate file integrity on file metadata change
  evm: Store and detect metadata inode attributes changes
  ima: Move file-change detection variables into new structure
  evm: Use the metadata inode to calculate metadata hash
  evm: Implement per signature type decision in security_inode_copy_up_xattr
  security: allow finer granularity in permitting copy-up of security xattrs
  ima: Rename backing_inode to real_inode
  integrity: Avoid -Wflex-array-member-not-at-end warnings
  ima: define an init_module critical data record
  ima: Fix use-after-free on a dentry's dname.name
2024-05-15 08:43:02 -07:00
..
copy_up.c security: allow finer granularity in permitting copy-up of security xattrs 2024-04-09 17:14:57 -04:00
dir.c rename(): avoid a deadlock in the case of parents having no common ancestor 2023-11-25 02:54:14 -05:00
export.c dcache stuff for this cycle 2024-01-11 20:11:35 -08:00
file.c fs: factor out backing_file_mmap() helper 2023-12-23 16:35:09 +02:00
inode.c fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-11-18 14:54:07 +01:00
Kconfig fs: prepare for stackable filesystems backing file helpers 2023-12-23 16:35:08 +02:00
Makefile ovl: Move xattr support to new xattrs.c file 2023-10-31 00:12:59 +02:00
namei.c ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
overlayfs.h ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
ovl_entry.h ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
params.c fs_parser: move fsparam_string_empty() helper into header 2024-03-26 09:01:18 +01:00
params.h ovl: store and show the user provided lowerdir mount option 2023-10-31 00:13:02 +02:00
readdir.c ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
super.c fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED 2024-04-09 17:14:58 -04:00
util.c vfs-6.9.uuid 2024-03-11 11:02:06 -07:00
xattrs.c ovl: Support escaped overlay.* xattrs 2023-10-31 00:12:59 +02:00