linux

mirror of https://github.com/torvalds/linux synced 2024-07-21 10:41:44 +00:00

History

Linus Torvalds 353ad6c083 integrity-v6.10 -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCZkQD2xQcem9oYXJAbGlu dXguaWJtLmNvbQAKCRDLwZzRsCrn5b81APwINCoiLDB0L9KkyUhQjqvLLZCS85u9 Qo3/wdUGAb2tygD/RYKJgtGxvqO1Ap1IysytKHId0yo+vokdXG5stpMPJQE= =dIrw -----END PGP SIGNATURE----- Merge tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity updates from Mimi Zohar: "Two IMA changes, one EVM change, a use after free bug fix, and a code cleanup to address "-Wflex-array-member-not-at-end" warnings: - The existing IMA {ascii, binary}_runtime_measurements lists include a hard coded SHA1 hash. To address this limitation, define per TPM enabled hash algorithm {ascii, binary}_runtime_measurements lists - Close an IMA integrity init_module syscall measurement gap by defining a new critical-data record - Enable (partial) EVM support on stacked filesystems (overlayfs). Only EVM portable & immutable file signatures are copied up, since they do not contain filesystem specific metadata" * tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: add crypto agility support for template-hash algorithm evm: Rename is_unsupported_fs to is_unsupported_hmac_fs fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 ima: re-evaluate file integrity on file metadata change evm: Store and detect metadata inode attributes changes ima: Move file-change detection variables into new structure evm: Use the metadata inode to calculate metadata hash evm: Implement per signature type decision in security_inode_copy_up_xattr security: allow finer granularity in permitting copy-up of security xattrs ima: Rename backing_inode to real_inode integrity: Avoid -Wflex-array-member-not-at-end warnings ima: define an init_module critical data record ima: Fix use-after-free on a dentry's dname.name		2024-05-15 08:43:02 -07:00
..
apparmor	lsm: remove the now superfluous sentinel element from ctl_table array	2024-04-15 15:00:00 -04:00
bpf	lsm: mark the lsm_id variables are marked as static	2023-11-12 22:54:42 -05:00
integrity	ima: add crypto agility support for template-hash algorithm	2024-04-12 09:59:04 -04:00
keys	lsm/stable-6.10 PR 20240513	2024-05-15 08:25:38 -07:00
landlock	landlock: Use f_cred in security_file_open() hook	2024-03-08 18:22:16 +01:00
loadpin	lsm: remove the now superfluous sentinel element from ctl_table array	2024-04-15 15:00:00 -04:00
lockdown	LSM: Identify modules by more than name	2023-11-12 22:54:42 -05:00
safesetid	lsm: mark the lsm_id variables are marked as static	2023-11-12 22:54:42 -05:00
selinux	integrity-v6.10	2024-05-15 08:43:02 -07:00
smack	integrity-v6.10	2024-05-15 08:43:02 -07:00
tomoyo	tomoyo: fix UAF write bug in tomoyo_write_control()	2024-03-01 11:14:00 -08:00
yama	lsm: remove the now superfluous sentinel element from ctl_table array	2024-04-15 15:00:00 -04:00
commoncap.c	lsm: mark the lsm_id variables are marked as static	2023-11-12 22:54:42 -05:00
device_cgroup.c	device_cgroup: Fix kernel-doc warnings in device_cgroup	2023-06-21 09:30:49 -04:00
inode.c	security: convert to new timestamp accessors	2023-10-18 14:08:31 +02:00
Kconfig	fortify: drop Clang version check for 12.0.1 or newer	2024-02-22 15:38:54 -08:00
Kconfig.hardening	hardening: Move BUG_ON_DATA_CORRUPTION to hardening options	2023-08-15 14:57:25 -07:00
lsm_audit.c	lsm: fix a number of misspellings	2023-05-25 17:52:15 -04:00
lsm_syscalls.c	lsm: use 32-bit compatible data types in LSM syscalls	2024-03-14 11:31:26 -04:00
Makefile	LSM: syscalls for current process attributes	2023-11-12 22:54:42 -05:00
min_addr.c	sysctl: pass kernel pointers to ->proc_handler	2020-04-27 02:07:40 -04:00
security.c	security: allow finer granularity in permitting copy-up of security xattrs	2024-04-09 17:14:57 -04:00