[GIT PULL] integrity subsystem updates for v5.15

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Linus,
  
The Integrity pull request for v5.15 contains only IMA changes:

- Limit the allowed hash algorithms when writing security.ima xattrs or
verifying them, based on the IMA policy and the configured hash
algorithms.

- Return the calculated "critical data" measurement hash and size to
avoid code duplication.  (Preparatory change for a proposed LSM.)

[Stephen Rothwell addressed a merge conflict between the new device
mapper "critical data" measurements (drivers/md/dm-ima.c) and extending
the "critical data" measurement function.]

- and a single patch to address a compiler warning.

thanks,

Mimi

The following changes since commit 2734d6c1b1a089fb593ef6a23d4b70903526fe0c:

  Linux 5.14-rc2 (2021-07-18 14:13:49 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.15

for you to fetch changes up to cb181da161963eddc9de0000de6ab2c7942be219:

  IMA: reject unknown hash algorithms in ima_get_hash_algo (2021-08-23 18:22:00 -0400)

----------------------------------------------------------------
integrity-v5.15

----------------------------------------------------------------
Austin Kim (1):
      IMA: remove -Wmissing-prototypes warning

Mimi Zohar (2):
      Merge branch 'ima-buffer-measurement-changes-v4' into next-integrity
      Merge branch 'restrict-digest-alg-v8' into next-integrity

Roberto Sassu (3):
      ima: Introduce ima_get_current_hash_algo()
      ima: Return int in the functions to measure a buffer
      ima: Add digest and digest_len params to the functions to measure a buffer

THOBY Simon (7):
      IMA: remove the dependency on CRYPTO_MD5
      IMA: block writes of the security.ima xattr with unsupported algorithms
      IMA: add support to restrict the hash algorithms used for file appraisal
      IMA: add a policy option to restrict xattr hash algorithms on appraisal
      IMA: introduce a new policy option func=SETXATTR_CHECK
      IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms
      IMA: reject unknown hash algorithms in ima_get_hash_algo

 Documentation/ABI/testing/ima_policy         |  15 ++-
 include/linux/ima.h                          |  23 +++-
 security/integrity/ima/Kconfig               |   1 -
 security/integrity/ima/ima.h                 |  24 ++--
 security/integrity/ima/ima_api.c             |   6 +-
 security/integrity/ima/ima_appraise.c        |  78 ++++++++++--
 security/integrity/ima/ima_asymmetric_keys.c |   2 +-
 security/integrity/ima/ima_init.c            |   3 +-
 security/integrity/ima/ima_main.c            |  89 ++++++++++----
 security/integrity/ima/ima_mok.c             |   2 +-
 security/integrity/ima/ima_policy.c          | 174 ++++++++++++++++++++++++---
 security/integrity/ima/ima_queue_keys.c      |   2 +-
 security/selinux/ima.c                       |   6 +-
 13 files changed, 350 insertions(+), 75 deletions(-)




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux