OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/security/integrity/ima
History
Dmitry Kasatkin 4e9c74a333 ima: provide flag to identify new empty files 
commit b151d6b00b upstream.

On ima_file_free(), newly created empty files are not labeled with
an initial security.ima value, because the iversion did not change.
Commit dff6efc "fs: fix iversion handling" introduced a change in
iversion behavior.  To verify this change use the shell command:

  $ (exec >foo)
  $ getfattr -h -e hex -d -m security foo

This patch defines the IMA_NEW_FILE flag.  The flag is initially
set, when IMA detects that a new file is created, and subsequently
checked on the ima_file_free() hook to set the initial security.ima
value.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2014-10-30 09:38:24 -07:00
..
Kconfig Revert "ima: define '_ima' as a builtin 'trusted' keyring" 2013-11-23 16:36:35 -08:00
Makefile ima: define template fields library and new helpers 2013-10-25 17:17:05 -04:00
ima.h ima: restore the original behavior for sending data with ima template 2014-04-26 17:19:04 -07:00
ima_api.c ima: audit log files opened with O_DIRECT flag 2014-06-26 15:15:38 -04:00
ima_appraise.c ima: provide flag to identify new empty files 2014-10-30 09:38:24 -07:00
ima_crypto.c ima: introduce ima_kernel_read() 2014-06-26 15:15:38 -04:00
ima_fs.c ima: restore the original behavior for sending data with ima template 2014-04-26 17:19:04 -07:00
ima_init.c ima: properly free ima_template_entry structures 2013-12-02 20:46:56 -05:00
ima_main.c ima: provide flag to identify new empty files 2014-10-30 09:38:24 -07:00
ima_policy.c ima: audit log files opened with O_DIRECT flag 2014-06-26 15:15:38 -04:00
ima_queue.c ima: pass the filename argument up to ima_add_template_entry() 2013-10-25 17:17:03 -04:00
ima_template.c ima: store address of template_fmt_copy in a pointer before calling strsep 2013-11-30 13:09:53 +11:00
ima_template_lib.c ima: restore the original behavior for sending data with ima template 2014-04-26 17:19:04 -07:00
ima_template_lib.h ima: extend the measurement list to include the file signature 2013-10-31 20:19:35 -04:00