Mimi Zohar 12a38b8f1d evm: prohibit userspace writing 'security.evm' HMAC value ...

commit 2fb1c9a4f2 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2014-06-26 15:10:28 -04:00

..

apparmor

lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'

2012-04-03 09:49:59 -07:00

integrity

evm: prohibit userspace writing 'security.evm' HMAC value

2014-06-26 15:10:28 -04:00

keys

key: Fix resource leak

2013-03-28 12:12:27 -07:00

selinux

selinux: correctly label /proc inodes in use before the policy is loaded

2014-04-14 06:44:17 -07:00

smack

Smack: move label list initialization

2012-04-18 12:02:28 +10:00

tomoyo

usermodehelper: use UMH_WAIT_PROC consistently

2012-03-23 16:58:41 -07:00

yama

Yama: handle 32-bit userspace prctl

2012-10-07 08:32:28 -07:00

capability.c

security: create task_free security callback

2012-02-10 09:14:51 +11:00

commoncap.c

security: fix compile error in commoncap.c

2012-04-19 12:56:39 +10:00

device_cgroup.c

cgroup: remove cgroup_subsys argument from callbacks

2012-02-02 09:20:22 -08:00

inode.c

securityfs: fix object creation races

2012-01-10 10:20:35 -05:00

Kconfig

security: Yama LSM

2012-02-10 09:18:52 +11:00

lsm_audit.c

lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'

2012-04-03 09:49:59 -07:00

Makefile

security: Yama LSM

2012-02-10 09:18:52 +11:00

min_addr.c

mmap_min_addr check CAP_SYS_RAWIO only for write

2010-04-23 08:56:31 +10:00

security.c

security: trim security.h

2012-02-14 10:45:42 +11:00