On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Unsupported filesystems currently do not enforce any signatures. Add
> support for signature enforcement of the "original" and "portable &
> immutable" signatures when EVM_INIT_X509 is enabled.
>
> The "original" signature type contains
Hi Stefan,
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Rename the backing_inode variable to real_inode since it gets its value
> from real_inode().
>
> Suggested-by: Amir Goldstein
> Co-developed-by: Mimi Zohar
> Signed-off-by: Stefan Berger
> Acked-by: Amir Goldstein
Thanks
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Copying up xattrs is solely based on the security xattr name. For finer
> granularity add a dentry parameter to the security_inode_copy_up_xattr
> hook definition, allowing decisions to be based on the xattr content as
> well.
>
>
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Changes to file attributes (mode bits, uid, gid) on the lower layer are
> not taken into account when d_backing_inode() is used when a file is
> accessed on the overlay layer and this file has not yet been copied up.
> This is because
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Rename is_unsupported_fs to is_unsupported_hmac_fs since now only HMAC is
> unsupported.
>
> Co-developed-by: Mimi Zohar
> Signed-off-by: Stefan Berger
Signed-off-by: Mimi Zohar
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Now that EVM supports RSA signatures for previously completely
> unsupported filesystems rename the flag SB_I_EVM_UNSUPPORTED to
> SB_I_EVM_HMAC_UNSUPPORTED to reflect that only HMAC is not supported.
>
> Suggested-by: Amir Goldstein
>
> @@ -286,7 +288,8 @@ static int process_measurement(struct file *file, const
> struct cred *cred,
> }
>
> /*
> - * On stacked filesystems, detect and re-evaluate file data changes.
> + * On stacked filesystems, detect and re-evaluate file data and
> + * metadata
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> To support "portable and immutable signatures" on otherwise unsupported
> filesystems, determine the EVM signature type by the content of a file's
> xattr. If the file has the appropriate signature type then allow it to be
> copied up. All
On Tue Mar 19, 2024 at 11:38 PM EET, Jarkko Sakkinen wrote:
> On Tue Mar 19, 2024 at 9:57 PM EET, Jarkko Sakkinen wrote:
> > On Wed Mar 13, 2024 at 7:02 PM EET, Adam Alves wrote:
> > > Hi Jarkko,
> > >
> > > Thank you very much for kindly reviewing this proposal.
> > >
> > > After one week without
On Tue Mar 19, 2024 at 9:57 PM EET, Jarkko Sakkinen wrote:
> On Wed Mar 13, 2024 at 7:02 PM EET, Adam Alves wrote:
> > Hi Jarkko,
> >
> > Thank you very much for kindly reviewing this proposal.
> >
> > After one week without any issues with my PC hanging, it happened
> > again. It seems that the
Add TPM driver test suite URL to the MAINTAINERS files and move the wiki
URL to more appropriate location.
Link: https://gitlab.com/jarkkojs/linux-tpmdd-test
Link: https://kernsec.org/wiki/index.php/Linux_Kernel_Integrity
Cc: Jason Gunthorpe
Cc: Mimi Zohar
Cc: Peter Huewe
Cc:
On Tue Feb 27, 2024 at 8:22 PM EET, Jarkko Sakkinen wrote:
> On Mon Feb 26, 2024 at 12:11 PM EET, James Bottomley wrote:
> > On Mon, 2024-02-26 at 11:26 +0200, Jarkko Sakkinen wrote:
> > > On Mon Feb 26, 2024 at 8:49 AM EET, James Bottomley wrote:
> > > > On Mon, 2024-02-26 at 08:22 +0200, Jarkko
On Thu Mar 14, 2024 at 6:31 PM EET, Adam Alves wrote:
> Hi Jarkko,
>
> I have an update here. I would like you to check if it makes sense
> before I submit a patch.
>
> The problem might be related to the chip itself which leaves the idle
> state whenever the locality is relinquished.
There's no
On Wed Mar 13, 2024 at 7:02 PM EET, Adam Alves wrote:
> Hi Jarkko,
>
> Thank you very much for kindly reviewing this proposal.
>
> After one week without any issues with my PC hanging, it happened
> again. It seems that the fix I am proposing is not final (it only
> reduced the frequency since it
On 18.03.2024 18:42, Dmitry Kasatkin wrote:
[...]
>> To address this issue, change the project license to GPL-2.0-or-later
>> and libimaevm to LGPL 2.0 or later.
Acked-by: Alberto Mardegan
--
С уважением,
Альберто Мардеган
Ведущий разработчик
https://auroraos.ru/
15 matches
Mail list logo