linux_dsm_epyc7002/security/integrity/ima
Mimi Zohar 42a4c60319 ima: fix ima_inode_post_setattr
Changing file metadata (e.g. uid, guid) could result in having to
re-appraise a file's integrity, but does not change the "new file"
status nor the security.ima xattr.  The IMA_PERMIT_DIRECTIO and
IMA_DIGSIG_REQUIRED flags are policy rule specific.  This patch
only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.

With this patch, changing the file timestamp will not remove the
file signature on new files.

Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
2016-05-01 09:23:52 -04:00
ima_api.c ima: define a new hook to measure and appraise a file already in memory 2016-02-20 22:35:08 -05:00
ima_appraise.c ima: fix ima_inode_post_setattr 2016-05-01 09:23:52 -04:00
ima_crypto.c ima: calculate the hash of a buffer using asynchronous hash(ahash) 2016-02-18 17:14:44 -05:00
ima_fs.c ima: measure and appraise the IMA policy itself 2016-02-21 09:34:22 -05:00
ima_init.c ima: separate 'security.ima' reading functionality from collect 2016-02-18 17:13:32 -05:00
ima_main.c ima: measure and appraise the IMA policy itself 2016-02-21 09:34:22 -05:00
ima_mok.c security/integrity: make ima/ima_mok.c explicitly non-modular 2015-12-15 10:01:43 -05:00
ima_policy.c ima: require signed IMA policy 2016-02-21 09:34:23 -05:00
ima_queue.c integrity: fix checkpatch errors 2014-03-07 12:15:45 -05:00
ima_template_lib.c ima: separate 'security.ima' reading functionality from collect 2016-02-18 17:13:32 -05:00
ima_template_lib.h ima: wrap event related data to the new ima_event_data structure 2015-05-21 13:59:28 -04:00
ima_template.c ima: separate 'security.ima' reading functionality from collect 2016-02-18 17:13:32 -05:00
ima.h ima: measure and appraise the IMA policy itself 2016-02-21 09:34:22 -05:00
Kconfig IMA: allow reading back the current IMA policy 2015-12-15 10:01:43 -05:00
Makefile IMA: create machine owner and blacklist keyrings 2015-12-15 10:01:43 -05:00