system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-07-21 02:23:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/security/integrity
History
Mimi Zohar b836c4d29f ima: detect changes to the backing overlay file 
Commit 18b44bc5a6 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.

Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata.  Verifying just the i_version has not changed
is insufficient.  In addition save and compare the i_ino and s_dev
as well.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-10-31 08:22:36 -04:00
..
evm lsm/stable-6.6 PR 20230829 2023-08-30 09:07:09 -07:00
ima ima: detect changes to the backing overlay file 2023-10-31 08:22:36 -04:00
platform_certs Hi, 2023-08-29 08:05:18 -07:00
digsig.c integrity: check whether imputed trust is enabled 2023-08-17 20:12:35 +00:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
iint.c ima: annotate iint mutex to avoid lockdep false positive warnings 2023-10-31 08:20:09 -04:00
integrity.h ima: detect changes to the backing overlay file 2023-10-31 08:22:36 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
Kconfig integrity: fix indentation of config attributes 2023-10-31 08:22:36 -04:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00