Mimi Zohar 1121d461a2 evm: prohibit userspace writing 'security.evm' HMAC value ...

commit 2fb1c9a4f2 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>

2014-07-23 13:54:49 -07:00

..

apparmor

apparmor: fix IRQ stack overflow during free_profile

2012-10-25 02:12:50 +11:00

integrity

evm: prohibit userspace writing 'security.evm' HMAC value

2014-07-23 13:54:49 -07:00

keys

Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys

2013-03-14 11:26:36 -07:00

selinux

SELinux: bigendian problems with filename trans rules

2014-03-27 13:54:28 -07:00

smack

Smack: Fix the bug smackcipso can't set CIPSO correctly

2013-10-09 08:29:10 -07:00

tomoyo

consitify do_mount() arguments

2012-10-11 20:02:04 -04:00

yama

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

2012-12-17 15:44:47 -08:00

capability.c

tun: fix LSM/SELinux labeling of tun/tap devices

2013-01-14 18:16:59 -05:00

commoncap.c

Fix cap_capable to only allow owners in the parent user namespace to have caps.

2012-12-14 13:50:32 -08:00

device_cgroup.c

security/device_cgroup: lock assert fails in dev_exception_clean()

2013-01-22 00:27:55 +11:00

inode.c

securityfs: fix object creation races

2012-01-10 10:20:35 -05:00

Kconfig

KEYS: Move the key config into security/keys/Kconfig

2012-05-11 10:56:56 +01:00

lsm_audit.c

LSM: BUILD_BUG_ON if the common_audit_data union ever grows

2012-04-09 12:23:03 -04:00

Makefile

security: Yama LSM

2012-02-10 09:18:52 +11:00

min_addr.c

mmap_min_addr check CAP_SYS_RAWIO only for write

2010-04-23 08:56:31 +10:00

security.c

tun: fix LSM/SELinux labeling of tun/tap devices

2013-01-14 18:16:59 -05:00