Hi Linus,
The Integrity pull request for v5.15 contains only IMA changes:
- Limit the allowed hash algorithms when writing security.ima xattrs or
verifying them, based on the IMA policy and the configured hash
algorithms.
- Return the calculated "critical data" measurement hash and size to
avoid code duplication. (Preparatory change for a proposed LSM.)
[Stephen Rothwell addressed a merge conflict between the new device
mapper "critical data" measurements (drivers/md/dm-ima.c) and extending
the "critical data" measurement function.]
- and a single patch to address a compiler warning.
thanks,
Mimi
The following changes since commit 2734d6c1b1a089fb593ef6a23d4b70903526fe0c:
Linux 5.14-rc2 (2021-07-18 14:13:49 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.15
for you to fetch changes up to cb181da161963eddc9de0000de6ab2c7942be219:
IMA: reject unknown hash algorithms in ima_get_hash_algo (2021-08-23 18:22:00 -0400)
----------------------------------------------------------------
integrity-v5.15
----------------------------------------------------------------
Austin Kim (1):
IMA: remove -Wmissing-prototypes warning
Mimi Zohar (2):
Merge branch 'ima-buffer-measurement-changes-v4' into next-integrity
Merge branch 'restrict-digest-alg-v8' into next-integrity
Roberto Sassu (3):
ima: Introduce ima_get_current_hash_algo()
ima: Return int in the functions to measure a buffer
ima: Add digest and digest_len params to the functions to measure a buffer
THOBY Simon (7):
IMA: remove the dependency on CRYPTO_MD5
IMA: block writes of the security.ima xattr with unsupported algorithms
IMA: add support to restrict the hash algorithms used for file appraisal
IMA: add a policy option to restrict xattr hash algorithms on appraisal
IMA: introduce a new policy option func=SETXATTR_CHECK
IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms
IMA: reject unknown hash algorithms in ima_get_hash_algo
Documentation/ABI/testing/ima_policy | 15 ++-
include/linux/ima.h | 23 +++-
security/integrity/ima/Kconfig | 1 -
security/integrity/ima/ima.h | 24 ++--
security/integrity/ima/ima_api.c | 6 +-
security/integrity/ima/ima_appraise.c | 78 ++++++++++--
security/integrity/ima/ima_asymmetric_keys.c | 2 +-
security/integrity/ima/ima_init.c | 3 +-
security/integrity/ima/ima_main.c | 89 ++++++++++----
security/integrity/ima/ima_mok.c | 2 +-
security/integrity/ima/ima_policy.c | 174 ++++++++++++++++++++++++---
security/integrity/ima/ima_queue_keys.c | 2 +-
security/selinux/ima.c | 6 +-
13 files changed, 350 insertions(+), 75 deletions(-)
