leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d77ccdc644
linux/security
History
Mimi Zohar d77ccdc644 ima: re-evaluate files on privileged mounted filesystems 
This patch addresses the fuse privileged mounted filesystems in a "secure"
environment, with a correctly enforced security policy, which is willing
to assume the inherent risk of specific fuse filesystems that are well
defined and properly implemented.

As there is no way for the kernel to detect file changes, the kernel
ignores the cached file integrity results and re-measures, re-appraises,
and re-audits the file.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-03-23 06:31:37 -04:00
..
apparmor usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill 2018-03-07 09:05:53 +11:00
integrity ima: re-evaluate files on privileged mounted filesystems 2018-03-23 06:31:37 -04:00
keys KEYS: Use individual pages in big_key for crypto buffers 2018-02-22 14:58:38 +00:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux security: Add a cred_getsecid hook 2018-03-23 06:31:11 -04:00
smack security: Add a cred_getsecid hook 2018-03-23 06:31:11 -04:00
tomoyo vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
yama pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
commoncap.c capabilities: fix buffer overread on very short xattr 2018-01-02 20:49:13 +11:00
device_cgroup.c device_cgroup: prepare code for bpf-based device controller 2017-11-05 23:26:51 +09:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
Kconfig Currently, hardened usercopy performs dynamic bounds checking on slab 2018-02-03 16:25:42 -08:00
lsm_audit.c lsm_audit: update my email address 2017-08-17 15:33:39 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c security: Add a cred_getsecid hook 2018-03-23 06:31:11 -04:00