kernel_optimize_test/security/integrity
Mimi Zohar 42a4c60319 ima: fix ima_inode_post_setattr
Changing file metadata (eg. uid, guid) could result in having to
re-appraise a file's integrity, but does not change the "new file"
status nor the security.ima xattr.  The IMA_PERMIT_DIRECTIO and
IMA_DIGSIG_REQUIRED flags are policy rule specific.  This patch
only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.

With this patch, changing the file timestamp will not remove the
file signature on new files.

Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
2016-05-01 09:23:52 -04:00
..
evm EVM: Use crypto_memneq() for digest comparisons 2016-02-12 18:36:47 +11:00
ima ima: fix ima_inode_post_setattr 2016-05-01 09:23:52 -04:00
digsig_asymmetric.c X.509: Make algo identifiers text instead of enum 2016-03-03 21:49:27 +00:00
digsig.c integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
iint.c ima: remove firmware and module specific cached status info 2016-02-21 09:06:13 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h ima: fix ima_inode_post_setattr 2016-05-01 09:23:52 -04:00
Kconfig integrity: convert digsig to akcipher api 2016-02-18 14:52:32 +00:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00