system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-06 01:40:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/security/integrity/evm
History
Stefan Berger f2b3fc42f6 evm: Implement per signature type decision in security_inode_copy_up_xattr 
To support "portable and immutable signatures" on otherwise unsupported
filesystems, determine the EVM signature type by the content of a file's
xattr. If the file has the appropriate signature type then allow it to be
copied up. All other signature types are discarded as before.

"Portable and immutable" EVM signatures can be copied up by stacked file-
system since the metadata their signature covers does not include file-
system-specific data such as a file's inode number, generation, and UUID.

Co-developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2024-04-09 17:14:57 -04:00
..
evm.h integrity: Avoid -Wflex-array-member-not-at-end warnings 2024-04-08 07:55:48 -04:00
evm_crypto.c evm: Make it independent from 'integrity' LSM 2024-02-15 23:43:47 -05:00
evm_main.c evm: Implement per signature type decision in security_inode_copy_up_xattr 2024-04-09 17:14:57 -04:00
evm_posix_acl.c
evm_secfs.c
Kconfig evm: Make it independent from 'integrity' LSM 2024-02-15 23:43:47 -05:00
Makefile