leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5f3e92657b
linux/security/integrity
History
Tyler Hicks 5f3e92657b ima: Fail rule parsing when appraise_flag=blacklist is unsupportable 
Verifying that a file hash is not blacklisted is currently only
supported for files with appended signatures (modsig).  In the future,
this might change.

For now, the "appraise_flag" option is only appropriate for appraise
actions and its "blacklist" value is only appropriate when
CONFIG_IMA_APPRAISE_MODSIG is enabled and "appraise_flag=blacklist" is
only appropriate when "appraise_type=imasig|modsig" is also present.
Make this clear at policy load so that IMA policy authors don't assume
that other uses of "appraise_flag=blacklist" are supported.

Fixes: 273df864cf ("ima: Check against blacklisted hashes for files with modsig")
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reivewed-by: Nayna Jain <nayna@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-07-20 13:06:26 -04:00
..
evm integrity-v5.8 2020-06-06 09:39:05 -07:00
ima ima: Fail rule parsing when appraise_flag=blacklist is unsupportable 2020-07-20 13:06:26 -04:00
platform_certs EFI updates for v5.7: 2020-02-26 15:21:22 +01:00
digsig_asymmetric.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
digsig.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
iint.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
integrity_audit.c integrity: Add errno field in audit message 2020-07-16 21:48:11 -04:00
integrity.h integrity: Add errno field in audit message 2020-07-16 21:48:11 -04:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00