linux

mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 03:50:24 +09:00

Files

Mimi Zohar 28fffa9066 Revert "ima: limit file hash setting by user to fix and log modes"

commit f5acb3dcba upstream.

Userspace applications have been modified to write security xattrs,
but they are not context aware.  In the case of security.ima, the
security xattr can be either a file hash or a file signature.
Permitting writing one, but not the other requires the application to
be context aware.

In addition, userspace applications might write files to a staging
area, which might not be in policy, and then change some file metadata
(eg. owner) making it in policy.  As a result, these files are not
labeled properly.

This reverts commit c68ed80c97, which
prevents writing file hashes as security.ima xattrs.

Requested-by: Patrick Ohly <patrick.ohly@intel.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-06-06 16:44:33 +02:00

evm

xattr: Add __vfs_{get,set,remove}xattr helpers

2016-10-07 20:10:44 -04:00

ima

Revert "ima: limit file hash setting by user to fix and log modes"

2018-06-06 16:44:33 +02:00

digsig_asymmetric.c

X.509: Make algo identifiers text instead of enum

2016-03-03 21:49:27 +00:00

digsig.c

integrity/security: fix digsig.c build error with header file