linux/security
Jeff Layton db1d1e8b98 IMA: use vfs_getattr_nosec to get the i_version
IMA currently accesses the i_version out of the inode directly when it
does a measurement. This is fine for most simple filesystems, but can be
problematic with more complex setups (e.g. overlayfs).

Make IMA instead call vfs_getattr_nosec to get this info. This allows
the filesystem to determine whether and how to report the i_version, and
should allow IMA to work properly with a broader class of filesystems in
the future.

Reported-and-Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-05-23 18:07:34 -04:00
apparmor sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity IMA: use vfs_getattr_nosec to get the i_version 2023-05-23 18:07:34 -04:00
keys keys: Do not cache key in task struct if key is requested from kernel thread 2023-03-21 16:22:40 +00:00
landlock selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
loadpin sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid LSM: SafeSetID: Add setgroups() security policy handling 2022-07-15 18:24:42 +00:00
selinux selinux: ensure av_permissions.h is built when needed 2023-04-12 19:46:35 -04:00
smack Smack updates for v6.4 2023-04-24 11:37:24 -07:00
tomoyo One cleanup patch from Vlastimil Babka. 2023-04-24 11:33:07 -07:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
commoncap.c selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
device_cgroup.c device_cgroup: Fix typo in devcgroup_css_alloc description 2023-03-08 17:06:06 -05:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig Commit volume in documentation is relatively low this time, but there is 2023-04-24 12:35:49 -07:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-08 15:26:58 -08:00
lsm_audit.c af_unix: preserve const qualifier in unix_sk() 2023-03-18 12:23:33 +00:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lsm/stable-6.4 PR 20230420 2023-04-24 11:21:50 -07:00