On 6/8/2024 6:54 AM, Alexei Starovoitov wrote:
> On Sat, Jun 8, 2024 at 1:04 AM Xu Kuohai wrote:
>> On 6/7/2024 5:53 AM, Paul Moore wrote:
>>> On Thu, Apr 11, 2024 at 8:24 AM Xu Kuohai wrote:
From: Xu Kuohai
Add macro LSM_RET_INT to annotate lsm hook return integer type and the
>>
On 5/21/2024 5:57 PM, Edward Liaw wrote:
> _GNU_SOURCE is provided by lib.mk, so it should be dropped to prevent
> redefinition warnings.
>
> Reviewed-by: John Hubbard
> Reviewed-by: Muhammad Usama Anjum
> Signed-off-by: Edward Liaw
Acked-by: Casey Schaufler
> ---
>
nd EVM keys at boot, and for
> creating the integrity directory in securityfs (we need to keep it for
> retrocompatibility reasons).
>
> Signed-off-by: Roberto Sassu
Reviewed-by: Casey Schaufler
> ---
> include/linux/integrity.h | 14 ---
> security/integrity/iint.c |
ctively with ima_inode_get() and ima_iint_find().
>
> Finally, move the remaining IMA-specific flags
> to security/integrity/ima/ima.h, since they are now unnecessary in the
> common integrity layer.
>
> Signed-off-by: Roberto Sassu
Reviewed-by: Casey Schaufler 4
>
> Finally, switch to the LSM reservation mechanism for the EVM xattr, and
> consequently decrement by one the number of xattrs to allocate in
> security_inode_init_security().
>
> Signed-off-by: Roberto Sassu
Reviewed-by: Casey Schaufler
> ---
> include/linux/evm.h
ns as static and register them as hook implementations in
> init_ima_appraise_lsm(), called by init_ima_lsm().
>
> Also move the inline function ima_inode_remove_acl() from the public ima.h
> header to ima_appraise.c.
>
> Signed-off-by: Roberto Sassu
> Reviewed-by: Stefan Berge
reiserfs xattrs, XFS scrub
> and kernel-internal tmpfs files.
>
> Conditionally register ima_post_key_create_or_update() if
> CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. Also, conditionally register
> ima_kernel_module_request() if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled.
>
> Fi
On 1/16/2024 9:33 AM, Al Viro wrote:
> On Tue, Jan 16, 2024 at 08:51:11AM -0800, Casey Schaufler wrote:
>> On 1/16/2024 12:47 AM, Roberto Sassu wrote:
>>> On Mon, 2024-01-15 at 19:15 +, Al Viro wrote:
>>>> On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wr
On 1/16/2024 12:47 AM, Roberto Sassu wrote:
> On Mon, 2024-01-15 at 19:15 +, Al Viro wrote:
>> On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote:
>>> From: Roberto Sassu
>>>
>>> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
>>> the file_release hook.
>>
On 12/27/2023 11:52 AM, Mimi Zohar wrote:
> On Tue, 2023-12-26 at 12:14 -0800, Casey Schaufler wrote:
>> On 12/26/2023 10:14 AM, Mimi Zohar wrote:
>>> On Thu, 2023-12-14 at 18:08 +0100, Roberto Sassu wrote:
>>>> From: Roberto Sassu
>>>>
>>>
On 12/26/2023 10:14 AM, Mimi Zohar wrote:
> On Thu, 2023-12-14 at 18:08 +0100, Roberto Sassu wrote:
>> From: Roberto Sassu
>>
>> Move hardcoded IMA function calls (not appraisal-specific functions) from
>> various places in the kernel to the LSM infrastructure, by introducing a
>> new LSM named 'i
e commit to move IMA to the LSM infrastructure),
> evm_inode_post_setattr(), evm_inode_post_set_acl(),
> evm_inode_post_remove_acl(), and evm_inode_post_removexattr() are not
> executed for private inodes.
>
> Finally, add the LSM_ID_EVM case in lsm_list_modules_tes
On 12/14/2023 9:08 AM, Roberto Sassu wrote:
> From: Roberto Sassu
>
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the file_release hook.
>
> IMA calculates at file close the new digest of the file content and writes
> it to security.ima, so that appraisal at next f
.
>
> Signed-off-by: Roberto Sassu
> Reviewed-by: Stefan Berger
> Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
> ---
> fs/xattr.c| 9 +
> include/linux/lsm_hook_defs.h | 2 ++
> include/linux/security.h | 5 +
> securit