Changelog v1: - remove patch 2/4 (evm: reset status in evm_inode_post_setattr()); file attributes cannot be set if the signature is portable and immutable - patch 3/4: add __ro_after_init to ima_appraise_req_evm variable declaration - patch 3/4: remove ima_appraise_req_evm kernel option and introduce 'enforce-evm' and 'log-evm' as possible values for ima_appraise= - remove patch 4/4 (ima: only audit failed appraisal verifications) - add new patch (ima: show rules with IMA_INMASK correctly) Roberto Sassu (3): evm: check hash algorithm passed to init_desc() ima: don't ignore INTEGRITY_UNKNOWN EVM status ima: show rules with IMA_INMASK correctly .../admin-guide/kernel-parameters.txt | 3 ++- security/integrity/evm/evm_crypto.c | 3 +++ security/integrity/ima/ima_appraise.c | 8 +++++++ security/integrity/ima/ima_policy.c | 21 +++++++++++-------- 4 files changed, 25 insertions(+), 10 deletions(-) -- 2.17.1
