Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-29 06:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
5f3e92657b
linux/security
History
Tyler Hicks 5f3e92657b ima: Fail rule parsing when appraise_flag=blacklist is unsupportable 
Verifying that a file hash is not blacklisted is currently only
supported for files with appended signatures (modsig).  In the future,
this might change.

For now, the "appraise_flag" option is only appropriate for appraise
actions and its "blacklist" value is only appropriate when
CONFIG_IMA_APPRAISE_MODSIG is enabled and "appraise_flag=blacklist" is
only appropriate when "appraise_type=imasig|modsig" is also present.
Make this clear at policy load so that IMA policy authors don't assume
that other uses of "appraise_flag=blacklist" are supported.

Fixes: 273df864cf ("ima: Check against blacklisted hashes for files with modsig")
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reivewed-by: Nayna Jain <nayna@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-20 13:06:26 -04:00
..
apparmor linux-kselftest-kunit-5.8-rc1 2020-06-09 10:04:47 -07:00
bpf bpf: lsm: Initialize the BPF LSM hooks 2020-03-30 01:34:00 +02:00
integrity ima: Fail rule parsing when appraise_flag=blacklist is unsupportable 2020-07-20 13:06:26 -04:00
keys Notifications over pipes + Keyring notifications 2020-06-13 09:56:21 -07:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid security/safesetid: Replace rcu_swap_protected() with rcu_replace_pointer() 2019-10-30 08:45:57 -07:00
selinux selinux/stable-5.8 PR 20200621 2020-06-21 15:41:24 -07:00
smack Notifications over pipes + Keyring notifications 2020-06-13 09:56:21 -07:00
tomoyo treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
yama sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
commoncap.c exec: Compute file based creds only once 2020-05-29 22:00:54 -05:00
device_cgroup.c device_cgroup: Cleanup cgroup eBPF device filter code 2020-04-13 14:41:54 -04:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig bpf: lsm: Initialize the BPF LSM hooks 2020-03-30 01:34:00 +02:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
lsm_audit.c security,lockdown,selinux: implement SELinux lockdown 2019-12-09 17:53:58 -05:00
Makefile device_cgroup: Cleanup cgroup eBPF device filter code 2020-04-13 14:41:54 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c Add additional LSM hooks for SafeSetID 2020-06-14 11:39:31 -07:00