linux-kernel.vger.kernel.org archive mirror
* [GIT PULL] integrity subsystem updates for v5.9
From: Mimi Zohar @ 2020-08-05 15:32 UTC
  To: Linus Torvalds; +Cc: linux-kernel

Hi Linus,

The nicest change is the IMA policy rule checking.  The other changes
include allowing the kexec boot command line measure policy rules to be
defined in terms of the inode associated with the kexec kernel image,
making the IMA_APPRAISE_BOOTPARAM, which governs the IMA appraise mode
(log, fix, enforce), a runtime decision based on the secure boot mode
of the system, and including errno in the audit log.

thanks,

Mimi

The following changes since commit 48778464bb7d346b47157d21ffde2af6b2d39110:

  Linux 5.8-rc2 (2020-06-21 15:45:29 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.9

for you to fetch changes up to 3db0d0c276a752af39beb5ca7424cb659aa005bb:

  integrity: remove redundant initialization of variable ret (2020-07-27 16:52:09 -0400)

----------------------------------------------------------------
integrity-v5.9

----------------------------------------------------------------
Bruno Meneguele (1):
      ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

Colin Ian King (1):
      integrity: remove redundant initialization of variable ret

Lakshmi Ramasubramanian (2):
      integrity: Add errno field in audit message
      IMA: Add audit log for failure conditions

Maurizio Drocco (1):
      ima: extend boot_aggregate with kernel measurements

Mimi Zohar (1):
      Merge branch 'validate-policy-rules' into next-integrity

Tyler Hicks (14):
      ima: Have the LSM free its audit rule
      ima: Free the entire rule when deleting a list of rules
      ima: Free the entire rule if it fails to parse
      ima: Fail rule parsing when buffer hook functions have an invalid action
      ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invalid cond
      ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid cond
      ima: Fail rule parsing when appraise_flag=blacklist is unsupportable
      ima: Shallow copy the args_p member of ima_rule_entry.lsm elements
      ima: Use correct type for the args_p member of ima_rule_entry.lsm elements
      ima: Move comprehensive rule validation checks out of the token parser
      ima: Use the common function to detect LSM conditionals in a rule
      ima: Support additional conditionals in the KEXEC_CMDLINE hook function
      ima: Rename internal filter rule functions
      ima: AppArmor satisfies the audit rule requirements

 include/linux/ima.h                          |   4 +-
 kernel/kexec_file.c                          |   2 +-
 security/integrity/digsig_asymmetric.c       |   2 +-
 security/integrity/ima/Kconfig               |   4 +-
 security/integrity/ima/ima.h                 |  75 +++++----
 security/integrity/ima/ima_api.c             |   2 +-
 security/integrity/ima/ima_appraise.c        |   8 +-
 security/integrity/ima/ima_asymmetric_keys.c |   2 +-
 security/integrity/ima/ima_crypto.c          |  15 +-
 security/integrity/ima/ima_main.c            |  41 +++--
 security/integrity/ima/ima_modsig.c          |  20 ---
 security/integrity/ima/ima_policy.c          | 240 +++++++++++++++++++--------
 security/integrity/ima/ima_queue_keys.c      |   7 +-
 security/integrity/integrity.h               |  13 ++
 security/integrity/integrity_audit.c         |  11 +-
 15 files changed, 301 insertions(+), 145 deletions(-)



* Re: [GIT PULL] integrity subsystem updates for v5.9
From: pr-tracker-bot @ 2020-08-06 19:55 UTC
  To: Mimi Zohar; +Cc: Linus Torvalds, linux-kernel

The pull request you sent on Wed, 05 Aug 2020 11:32:19 -0400:

> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.9

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/4cec929370763c475111b1eb307df6759b6733e7

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html


* [GIT PULL] integrity subsystem updates for v5.9
From: Mimi Zohar @ 2020-08-06 19:06 UTC
  To: Linus Torvalds; +Cc: linux-integrity, linux-kernel

Hi Linus,

The nicest change is the IMA policy rule checking.  The other changes
include allowing the kexec boot command line measure policy rules to be
defined in terms of the inode associated with the kexec kernel image,
making the IMA_APPRAISE_BOOTPARAM, which governs the IMA appraise mode
(log, fix, enforce), a runtime decision based on the secure boot mode
of the system, and including errno in the audit log.

thanks,

Mimi


The following changes since commit 48778464bb7d346b47157d21ffde2af6b2d39110:

  Linux 5.8-rc2 (2020-06-21 15:45:29 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.9

for you to fetch changes up to 3db0d0c276a752af39beb5ca7424cb659aa005bb:

  integrity: remove redundant initialization of variable ret (2020-07-27 16:52:09 -0400)

----------------------------------------------------------------
integrity-v5.9

----------------------------------------------------------------
Bruno Meneguele (1):
      ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

Colin Ian King (1):
      integrity: remove redundant initialization of variable ret

Lakshmi Ramasubramanian (2):
      integrity: Add errno field in audit message
      IMA: Add audit log for failure conditions

Maurizio Drocco (1):
      ima: extend boot_aggregate with kernel measurements

Mimi Zohar (1):
      Merge branch 'validate-policy-rules' into next-integrity

Tyler Hicks (14):
      ima: Have the LSM free its audit rule
      ima: Free the entire rule when deleting a list of rules
      ima: Free the entire rule if it fails to parse
      ima: Fail rule parsing when buffer hook functions have an invalid action
      ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invalid cond
      ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid cond
      ima: Fail rule parsing when appraise_flag=blacklist is unsupportable
      ima: Shallow copy the args_p member of ima_rule_entry.lsm elements
      ima: Use correct type for the args_p member of ima_rule_entry.lsm elements
      ima: Move comprehensive rule validation checks out of the token parser
      ima: Use the common function to detect LSM conditionals in a rule
      ima: Support additional conditionals in the KEXEC_CMDLINE hook function
      ima: Rename internal filter rule functions
      ima: AppArmor satisfies the audit rule requirements

 include/linux/ima.h                          |   4 +-
 kernel/kexec_file.c                          |   2 +-
 security/integrity/digsig_asymmetric.c       |   2 +-
 security/integrity/ima/Kconfig               |   4 +-
 security/integrity/ima/ima.h                 |  75 +++++----
 security/integrity/ima/ima_api.c             |   2 +-
 security/integrity/ima/ima_appraise.c        |   8 +-
 security/integrity/ima/ima_asymmetric_keys.c |   2 +-
 security/integrity/ima/ima_crypto.c          |  15 +-
 security/integrity/ima/ima_main.c            |  41 +++--
 security/integrity/ima/ima_modsig.c          |  20 ---
 security/integrity/ima/ima_policy.c          | 240 +++++++++++++++++++--------
 security/integrity/ima/ima_queue_keys.c      |   7 +-
 security/integrity/integrity.h               |  13 ++
 security/integrity/integrity_audit.c         |  11 +-
 15 files changed, 301 insertions(+), 145 deletions(-)

