malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/security
History
Mimi Zohar f5acb3dcba Revert "ima: limit file hash setting by user to fix and log modes" 
Userspace applications have been modified to write security xattrs,
but they are not context aware.  In the case of security.ima, the
security xattr can be either a file hash or a file signature.
Permitting writing one, but not the other requires the application to
be context aware.

In addition, userspace applications might write files to a staging
area, which might not be in policy, and then change some file metadata
(eg. owner) making it in policy.  As a result, these files are not
labeled properly.

This reverts commit c68ed80c97d9720f51ef31fe91560fdd1e121533, which
prevents writing file hashes as security.ima xattrs.

Requested-by: Patrick Ohly <patrick.ohly@intel.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-11-13 22:50:09 -05:00
..
apparmor
fs: Replace CURRENT_TIME with current_time() for inode timestamps
2016-09-27 21:06:21 -04:00
integrity
Revert "ima: limit file hash setting by user to fix and log modes"
2016-11-13 22:50:09 -05:00
keys
security/keys: make BIG_KEYS dependent on stdrng.
2016-10-27 16:03:33 +11:00
loadpin
LSM: LoadPin: provide enablement CONFIG
2016-05-17 20:10:30 +10:00
selinux
mm: Change vm_is_stack_for_task() to vm_is_stack_for_current()
2016-10-20 09:21:41 +02:00
smack
Merge branch 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 17:11:50 -07:00
tomoyo
mm: replace get_user_pages_remote() write/force parameters with gup_flags
2016-10-19 08:12:02 -07:00
yama
Yama: fix double-spinlock and user access in atomic context
2016-05-26 09:56:18 +10:00
commoncap.c
xattr: Add __vfs_{get,set,remove}xattr helpers
2016-10-07 20:10:44 -04:00
device_cgroup.c
security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition
2015-09-03 18:13:10 -07:00
inode.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
Kconfig
- force check_object_size() to be inline too
2016-09-07 14:03:49 -07:00
lsm_audit.c
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2016-10-04 14:48:27 -07:00
Makefile
LSM: LoadPin for kernel file loading restrictions
2016-04-21 10:47:27 +10:00
min_addr.c
security.c
security, overlayfs: Provide hook to correctly label newly created files
2016-08-08 20:46:46 -04:00