OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/security
History
Dmitry Kasatkin 4e9c74a333 ima: provide flag to identify new empty files 
commit b151d6b00b upstream.

On ima_file_free(), newly created empty files are not labeled with
an initial security.ima value, because the iversion did not change.
Commit dff6efc "fs: fix iversion handling" introduced a change in
iversion behavior.  To verify this change use the shell command:

  $ (exec >foo)
  $ getfattr -h -e hex -d -m security foo

This patch defines the IMA_NEW_FILE flag.  The flag is initially
set, when IMA detects that a new file is created, and subsequently
checked on the ima_file_free() hook to set the initial security.ima
value.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2014-10-30 09:38:24 -07:00
..
apparmor Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-11-21 19:46:00 -08:00
integrity ima: provide flag to identify new empty files 2014-10-30 09:38:24 -07:00
keys KEYS: Make the keyring cycle detector ignore other keyrings of the same name 2014-03-09 18:57:18 -07:00
selinux selinux: correctly label /proc inodes in use before the policy is loaded 2014-04-14 06:50:02 -07:00
smack Merge git://git.infradead.org/users/eparis/audit 2014-01-23 18:08:10 -08:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
Makefile security: remove erroneous comment about capabilities.o link ordering 2013-09-24 11:26:28 +10:00
capability.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00
commoncap.c CAPABILITIES: remove undefined caps from all processes 2014-09-17 09:19:09 -07:00
device_cgroup.c device_cgroup: check if exception removal is allowed 2014-06-07 10:28:19 -07:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
lsm_audit.c Merge git://git.infradead.org/users/eparis/audit 2013-11-21 19:18:14 -08:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00