forked from Minki/linux
a60c538ed2
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEEjSMCCC7+cjo3nszSa3kkZrA+cVoFAmDY+ykUHHpvaGFyQGxp bnV4LmlibS5jb20ACgkQa3kkZrA+cVoEpg/+LalOM88YDTFNSpAlzEr31pyDU30p xB9xMyN7lgJcsuGeKWyt+gjEoTR53+JQeaGHgTo8uG4pCto7wBIAOttwkHV5O0Re QUQC++nc6jqgn2tRi/V+UV0plgJMV0Xt4ucGS+gH8hujvih4vQ+X3RFJasAy1ZWS 1aWOev8wLkwfwU5YsOX+7OZE0qgH4QCh+i6SF402dpMUV1n/2hbFjcV1qOtvgDfS 7KHJYZfTV5yPfk0i5nSpwsfctthQJ5+ADdGBIwp03iH6amBZ3pvAwvbPGxE9TM4M teVIOU0BwMj5LiVvlXApbpA0k8N3e0TU+Rqgyr7hQHOYBBOxye+eZlV5SjHhfeuf n9jCuHGEIzeQNicR+R2PHqnAC/1HEeyb4V/2+vGfIXM593CzqoMD5ITL+PLi5bA3 5ONeLW1n2Tsi85xbUO9dH5wvgAd9HaHGRcxCOr3nT6qbwiCiKiEpkiArGNgTrsR3 22OGji9d6WR6maMpRdCIlFZCAoOmMjNMftV3CaAIHCkysHmV7hYh3/hNbk9Syg5+ 7y6fFxiyTjhKA3WOAcnTXlOIuVGYmFknmla66Z80XzZ3dHUlElOt4sXJfKekRmZz i/jECFcCuCOgfZTxzZ1FUIRJ+lumlq5J8mu0kWtbEyamjgXWl4Ustx6ae86tg6al uhQULzRTISHQG3M= =M7c5 -----END PGP SIGNATURE----- Merge tag 'integrity-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity subsystem updates from Mimi Zohar: "The large majority of the changes are EVM portable & immutable signature related: removing a dependency on loading an HMAC key, safely allowing file metadata included in the EVM portable & immutable signatures to be modified, allowing EVM signatures to fulfill IMA file signature policy requirements, including the EVM file metadata signature in lieu of an IMA file data signature in the measurement list, and adding dynamic debugging of EVM file metadata. In addition, in order to detect critical data or file change reversions, duplicate measurement records are permitted in the IMA measurement list. The remaining patches address compiler, sparse, and doc warnings" * tag 'integrity-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: (31 commits) evm: Check xattr size discrepancy between kernel and user evm: output EVM digest calculation info IMA: support for duplicate measurement records ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer' ima: differentiate between EVM failures in the audit log ima: Fix fall-through warning for Clang ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect() ima: Include header defining ima_post_key_create_or_update() ima/evm: Fix type mismatch ima: Set correct casting types doc: Fix warning in Documentation/security/IMA-templates.rst evm: Don't return an error in evm_write_xattrs() if audit is not enabled ima: Define new template evm-sig ima: Define new template fields xattrnames, xattrlengths and xattrvalues evm: Verify portable signatures against all protected xattrs ima: Define new template field imode ima: Define new template fields iuid and igid ima: Add ima_show_template_uint() template library function ima: Don't remove security.ima if file must not be appraised ima: Introduce template field evmsig and write to field sig as fallback ... |
||
---|---|---|
.. | ||
apparmor | ||
bpf | ||
integrity | ||
keys | ||
landlock | ||
loadpin | ||
lockdown | ||
safesetid | ||
selinux | ||
smack | ||
tomoyo | ||
yama | ||
commoncap.c | ||
device_cgroup.c | ||
inode.c | ||
Kconfig | ||
Kconfig.hardening | ||
lsm_audit.c | ||
Makefile | ||
min_addr.c | ||
security.c |