linux/security
Mimi Zohar 73b49c736f evm: prohibit userspace writing 'security.evm' HMAC value
commit 2fb1c9a4f2 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-26 15:15:38 -04:00
..
apparmor Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-11-21 19:46:00 -08:00
integrity evm: prohibit userspace writing 'security.evm' HMAC value 2014-06-26 15:15:38 -04:00
keys KEYS: Make the keyring cycle detector ignore other keyrings of the same name 2014-03-09 18:57:18 -07:00
selinux selinux: correctly label /proc inodes in use before the policy is loaded 2014-04-14 06:50:02 -07:00
smack Merge git://git.infradead.org/users/eparis/audit 2014-01-23 18:08:10 -08:00
tomoyo
yama
capability.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00
commoncap.c
device_cgroup.c device_cgroup: check if exception removal is allowed 2014-06-07 10:28:19 -07:00
inode.c
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c Merge git://git.infradead.org/users/eparis/audit 2013-11-21 19:18:14 -08:00
Makefile
min_addr.c
security.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00