OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-kernel/security
History
Mimi Zohar 143f450c6c ima: detect changes to the backing overlay file 
commit b836c4d29f2744200b2af41e14bf50758dddc818 upstream.

Commit 18b44bc5a6 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.

Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata.  Verifying just the i_version has not changed
is insufficient.  In addition save and compare the i_ino and s_dev
as well.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2023-11-28 17:07:12 +00:00
..
apparmor apparmor: fix invalid reference on profile->disconnected 2023-11-20 11:52:09 +01:00
bpf
integrity ima: detect changes to the backing overlay file 2023-11-28 17:07:12 +00:00
keys KEYS: trusted: Rollback init_trusted() consistently 2023-11-28 17:07:10 +00:00
landlock
loadpin
lockdown
safesetid
selinux selinux: fix handling of empty opts in selinux_fs_context_submount() 2023-09-23 11:11:11 +02:00
smack smack: Retrieve transmuting information in smack_inode_getsecurity() 2023-10-06 14:56:59 +02:00
tomoyo
yama
Kconfig
Kconfig.hardening
Makefile
commoncap.c
device_cgroup.c
inode.c
lsm_audit.c
min_addr.c
security.c vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:42:28 +02:00