AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
d77ccdc644
kernel_optimize_test/security/integrity
History
Mimi Zohar d77ccdc644 ima: re-evaluate files on privileged mounted filesystems 
This patch addresses the fuse privileged mounted filesystems in a "secure"
environment, with a correctly enforced security policy, which is willing
to assume the inherent risk of specific fuse filesystems that are well
defined and properly implemented.

As there is no way for the kernel to detect file changes, the kernel
ignores the cached file integrity results and re-measures, re-appraises,
and re-audits the file.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-03-23 06:31:37 -04:00
..
evm EVM: Add support for portable signature format 2017-12-11 17:20:39 -05:00
ima ima: re-evaluate files on privileged mounted filesystems 2018-03-23 06:31:37 -04:00
digsig_asymmetric.c
digsig.c integrity/security: fix digsig.c build error with header file 2018-02-22 20:09:08 -08:00
iint.c IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
integrity_audit.c
integrity.h IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
Kconfig
Makefile