OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
887,257 Commits 4 Branches 0 Tags 2 GiB
C 97.7%
Assembly 1.3%
Makefile 0.4%
Shell 0.3%
Python 0.1%
Other 0.1%
Go to file
Roberto Sassu 74e9d920f2 evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 
commit 9acc89d31f0c94c8e573ed61f3e4340bbd526d0c upstream.

EVM_ALLOW_METADATA_WRITES is an EVM initialization flag that can be set to
temporarily disable metadata verification until all xattrs/attrs necessary
to verify an EVM portable signature are copied to the file. This flag is
cleared when EVM is initialized with an HMAC key, to avoid that the HMAC is
calculated on unverified xattrs/attrs.

Currently EVM unnecessarily denies setting this flag if EVM is initialized
with a public key, which is not a concern as it cannot be used to trust
xattrs/attrs updates. This patch removes this limitation.

Fixes: ae1ba1676b ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org # 4.16.x
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-07-14 16:53:08 +02:00
Documentation evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 2021-07-14 16:53:08 +02:00
LICENSES
arch powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() 2021-07-14 16:53:08 +02:00
block blk-mq: Swap two calls in blk_mq_exit_queue() 2021-05-19 10:08:30 +02:00
certs certs: Move load_system_certificate_list to a common function 2021-06-30 08:47:55 -04:00
crypto crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS 2021-05-11 14:04:15 +02:00
drivers rsi: fix AP mode with WPA failure due to encrypted EAPOL 2021-07-14 16:53:07 +02:00
fs ext4: use ext4_grp_locked_error in mb_find_extent 2021-07-14 16:53:03 +02:00
include tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing 2021-07-14 16:53:08 +02:00
init kbuild: add CONFIG_LD_IS_LLD 2021-06-30 08:47:44 -04:00
ipc
kernel tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing 2021-07-14 16:53:08 +02:00
lib seq_buf: Make trace_seq_putmem_hex() support data longer than 8 2021-07-14 16:53:08 +02:00
mm mm, futex: fix shared futex pgoff on shmem huge page 2021-06-30 08:47:55 -04:00
net SUNRPC: Should wake up the privileged task firstly. 2021-07-14 16:53:05 +02:00
samples samples: vfio-mdev: fix error handing in mdpy_fb_probe() 2021-06-10 13:37:03 +02:00
scripts recordmcount: Correct st_shndx handling 2021-06-30 08:47:49 -04:00
security evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 2021-07-14 16:53:08 +02:00
sound ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too 2021-07-14 16:52:59 +02:00
tools KVM: selftests: Fix kvm_check_cap() assertion 2021-06-30 08:47:49 -04:00
usr
virt KVM: do not allow mapping valid but non-reference-counted pages 2021-06-30 08:47:50 -04:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile Linux 5.4.131 2021-07-11 12:52:08 +02:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.