linux/security/integrity/evm
Sascha Hauer 70946c4ac2 evm: check for remount ro in progress before writing
EVM might update the evm xattr while the VFS performs a remount to
readonly mode. This is not properly checked for, additionally check
the s_readonly_remount superblock flag before writing.

The bug can for example be observed with UBIFS. UBIFS checks the free
space on the device before and after a remount. With EVM enabled the
free space sometimes differs between both checks.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2018-03-25 07:26:31 -04:00
..
evm_crypto.c evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c 2018-03-23 06:31:37 -04:00
evm_main.c evm: check for remount ro in progress before writing 2018-03-25 07:26:31 -04:00
evm_posix_acl.c ima: fix script messages 2013-10-25 13:17:19 -04:00
evm_secfs.c EVM: Allow userland to permit modification of EVM-protected metadata 2017-12-11 14:27:31 -05:00
evm.h evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c 2018-03-23 06:31:37 -04:00
Kconfig evm: EVM_LOAD_X509 depends on EVM 2015-12-15 09:57:21 -05:00
Makefile