* [GIT PULL] security subsystem: Integrity updates for v4.19
@ 2018-08-15 22:48 ` James Morris
0 siblings, 0 replies; 2+ messages in thread
From: James Morris @ 2018-08-15 22:48 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-security-module, linux-kernel
From Mimi Zohar:
"This pull request adds support for EVM signatures based on larger
digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to
differentiate the IMA policy rules from the IMA-audit messages,
addresses two deadlocks due to either loading or searching for crypto
algorithms, and cleans up the audit messages."
The following changes since commit 87ea58433208d17295e200d56be5e2a4fe4ce7d6:
security: check for kstrdup() failure in lsm_append() (2018-07-17 21:27:06 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-integrity
for you to fetch changes up to 3dd0f18c70d94ca2432c78c5735744429f071b0b:
EVM: fix return value check in evm_write_xattrs() (2018-07-22 14:49:11 -0400)
----------------------------------------------------------------
Matthew Garrett (2):
evm: Don't deadlock if a crypto algorithm is unavailable
evm: Allow non-SHA1 digital signatures
Mikhail Kurinnoi (1):
integrity: prevent deadlock during digsig verification.
Stefan Berger (4):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format() rather than audit_log_string()
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Differentiate auditing policy rules from "audit" actions
Sudeep Holla (1):
integrity: silence warning when CONFIG_SECURITYFS is not enabled
Wei Yongjun (1):
EVM: fix return value check in evm_write_xattrs()
crypto/api.c | 2 +-
include/linux/crypto.h | 5 ++++
include/linux/integrity.h | 13 +++++++++
include/uapi/linux/audit.h | 1 +
security/integrity/digsig_asymmetric.c | 23 ++++++++++++++++
security/integrity/evm/Kconfig | 1 +
security/integrity/evm/evm.h | 10 +++++--
security/integrity/evm/evm_crypto.c | 50 ++++++++++++++++++----------------
security/integrity/evm/evm_main.c | 19 ++++++++-----
security/integrity/evm/evm_secfs.c | 4 +--
security/integrity/iint.c | 9 ++++--
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 9 ++++--
security/integrity/integrity.h | 15 ++++++++++
security/integrity/integrity_audit.c | 6 +---
security/security.c | 7 ++++-
16 files changed, 128 insertions(+), 47 deletions(-)
^ permalink raw reply [flat|nested] 2+ messages in thread
* [GIT PULL] security subsystem: Integrity updates for v4.19
@ 2018-08-15 22:48 ` James Morris
0 siblings, 0 replies; 2+ messages in thread
From: James Morris @ 2018-08-15 22:48 UTC (permalink / raw)
To: linux-security-module
>From Mimi Zohar:
"This pull request adds support for EVM signatures based on larger
digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to
differentiate the IMA policy rules from the IMA-audit messages,
addresses two deadlocks due to either loading or searching for crypto
algorithms, and cleans up the audit messages."
The following changes since commit 87ea58433208d17295e200d56be5e2a4fe4ce7d6:
security: check for kstrdup() failure in lsm_append() (2018-07-17 21:27:06 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-integrity
for you to fetch changes up to 3dd0f18c70d94ca2432c78c5735744429f071b0b:
EVM: fix return value check in evm_write_xattrs() (2018-07-22 14:49:11 -0400)
----------------------------------------------------------------
Matthew Garrett (2):
evm: Don't deadlock if a crypto algorithm is unavailable
evm: Allow non-SHA1 digital signatures
Mikhail Kurinnoi (1):
integrity: prevent deadlock during digsig verification.
Stefan Berger (4):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format() rather than audit_log_string()
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Differentiate auditing policy rules from "audit" actions
Sudeep Holla (1):
integrity: silence warning when CONFIG_SECURITYFS is not enabled
Wei Yongjun (1):
EVM: fix return value check in evm_write_xattrs()
crypto/api.c | 2 +-
include/linux/crypto.h | 5 ++++
include/linux/integrity.h | 13 +++++++++
include/uapi/linux/audit.h | 1 +
security/integrity/digsig_asymmetric.c | 23 ++++++++++++++++
security/integrity/evm/Kconfig | 1 +
security/integrity/evm/evm.h | 10 +++++--
security/integrity/evm/evm_crypto.c | 50 ++++++++++++++++++----------------
security/integrity/evm/evm_main.c | 19 ++++++++-----
security/integrity/evm/evm_secfs.c | 4 +--
security/integrity/iint.c | 9 ++++--
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 9 ++++--
security/integrity/integrity.h | 15 ++++++++++
security/integrity/integrity_audit.c | 6 +---
security/security.c | 7 ++++-
16 files changed, 128 insertions(+), 47 deletions(-)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-08-15 22:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-15 22:48 [GIT PULL] security subsystem: Integrity updates for v4.19 James Morris
2018-08-15 22:48 ` James Morris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.