linux/security
Mimi Zohar 73b49c736f evm: prohibit userspace writing 'security.evm' HMAC value
commit 2fb1c9a4f2 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-26 15:15:38 -04:00
..
apparmor Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-11-21 19:46:00 -08:00
integrity evm: prohibit userspace writing 'security.evm' HMAC value 2014-06-26 15:15:38 -04:00
keys KEYS: Make the keyring cycle detector ignore other keyrings of the same name 2014-03-09 18:57:18 -07:00
selinux selinux: correctly label /proc inodes in use before the policy is loaded 2014-04-14 06:50:02 -07:00
smack Merge git://git.infradead.org/users/eparis/audit 2014-01-23 18:08:10 -08:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00
commoncap.c capabilities: allow nice if we are privileged 2013-08-30 23:44:09 -07:00
device_cgroup.c device_cgroup: check if exception removal is allowed 2014-06-07 10:28:19 -07:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c Merge git://git.infradead.org/users/eparis/audit 2013-11-21 19:18:14 -08:00
Makefile security: remove erroneous comment about capabilities.o link ordering 2013-09-24 11:26:28 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00