Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-25 21:51:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
f20765fdfd
linux/security
History
Eric Snowberg f20765fdfd integrity: Always reference the blacklist keyring with appraisal 
Commit 273df864cf ("ima: Check against blacklisted hashes for files with
modsig") introduced an appraise_flag option for referencing the blacklist
keyring.  Any matching binary found on this keyring fails signature
validation. This flag only works with module appended signatures.

An important part of a PKI infrastructure is to have the ability to do
revocation at a later time should a vulnerability be found.  Expand the
revocation flag usage to all appraisal functions. The flag is now
enabled by default. Setting the flag with an IMA policy has been
deprecated. Without a revocation capability like this in place, only
authenticity can be maintained. With this change, integrity can now be
achieved with digital signature based IMA appraisal.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-08-01 08:17:25 -04:00
..
apparmor + Bug Fixes 2023-07-07 09:55:31 -07:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity integrity: Always reference the blacklist keyring with appraisal 2023-08-01 08:17:25 -04:00
keys security: keys: perform capable check only on privileged operations 2023-07-28 18:07:41 +00:00
landlock hostfs: Fix ephemeral inodes 2023-06-12 21:26:19 +02:00
loadpin sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux selinux: avoid bool as identifier name 2023-06-05 17:04:01 -04:00
smack smack: Record transmuting in smk_transmuted 2023-05-11 10:05:39 -07:00
tomoyo mm/gup: remove vmas parameter from get_user_pages_remote() 2023-06-09 16:25:26 -07:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
commoncap.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-08 15:26:58 -08:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lsm/stable-6.5 PR 20230626 2023-06-27 17:24:26 -07:00