[PATCH v2 0/3] ima/evm fixes for v5.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Changelog

v1:
- remove patch 2/4 (evm: reset status in evm_inode_post_setattr()); file
  attributes cannot be set if the signature is portable and immutable
- patch 3/4: add __ro_after_init to ima_appraise_req_evm variable
  declaration
- patch 3/4: remove ima_appraise_req_evm kernel option and introduce
  'enforce-evm' and 'log-evm' as possible values for ima_appraise=
- remove patch 4/4 (ima: only audit failed appraisal verifications)
- add new patch (ima: show rules with IMA_INMASK correctly)


Roberto Sassu (3):
  evm: check hash algorithm passed to init_desc()
  ima: don't ignore INTEGRITY_UNKNOWN EVM status
  ima: show rules with IMA_INMASK correctly

 .../admin-guide/kernel-parameters.txt         |  3 ++-
 security/integrity/evm/evm_crypto.c           |  3 +++
 security/integrity/ima/ima_appraise.c         |  8 +++++++
 security/integrity/ima/ima_policy.c           | 21 +++++++++++--------
 4 files changed, 25 insertions(+), 10 deletions(-)

-- 
2.17.1




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux