linux

mirror of https://github.com/torvalds/linux.git synced 2024-11-27 06:31:52 +00:00

History

Mimi Zohar 42a4c60319 ima: fix ima_inode_post_setattr Changing file metadata (eg. uid, guid) could result in having to re-appraise a file's integrity, but does not change the "new file" status nor the security.ima xattr. The IMA_PERMIT_DIRECTIO and IMA_DIGSIG_REQUIRED flags are policy rule specific. This patch only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags. With this patch, changing the file timestamp will not remove the file signature on new files. Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>		2016-05-01 09:23:52 -04:00
..
evm	EVM: Use crypto_memneq() for digest comparisons	2016-02-12 18:36:47 +11:00
ima	ima: fix ima_inode_post_setattr	2016-05-01 09:23:52 -04:00
digsig_asymmetric.c	X.509: Make algo identifiers text instead of enum	2016-03-03 21:49:27 +00:00
digsig.c	integrity: define '.evm' as a builtin 'trusted' keyring	2015-11-23 14:30:02 -05:00
iint.c	ima: remove firmware and module specific cached status info	2016-02-21 09:06:13 -05:00
integrity_audit.c	Merge git://git.infradead.org/users/eparis/audit	2014-04-12 12:38:53 -07:00
integrity.h	ima: fix ima_inode_post_setattr	2016-05-01 09:23:52 -04:00
Kconfig	integrity: convert digsig to akcipher api	2016-02-18 14:52:32 +00:00
Makefile	integrity: make integrity files as 'integrity' module	2014-09-09 10:28:58 -04:00