linux-kernel.vger.kernel.org archive mirror
* [GIT PULL] integrity: subsystem updates for v6.8
@ 2024-01-09 13:41 Mimi Zohar
From: Mimi Zohar @ 2024-01-09 13:41 UTC
  To: Linus Torvalds; +Cc: linux-integrity, linux-kernel

Hi Linus,

Adding a new IMA/EVM maintainer and reviewer, disabling EVM on overlay, 1 bug
fix and 2 cleanups.

- The EVM HMAC and the original file signatures contain filesystem-specific
metadata (e.g. i_ino, i_generation and s_uuid), preventing the security.evm
xattr from directly being copied up to the overlay. Further, before calculating
and writing out the overlay file's EVM HMAC, EVM must first verify the existing
backing file's 'security.evm' value.  For now, until a solution is developed,
disable EVM on overlayfs.

thanks,

Mimi

The following changes since commit 2cc14f52aeb78ce3f29677c2de1f06c0e91471ab:

  Linux 6.7-rc3 (2023-11-26 19:59:33 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v6.8

for you to fetch changes up to c00f94b3a5be428837868c0f2cdaa3fa5b4b1995:

  overlay: disable EVM (2023-12-20 07:40:50 -0500)

----------------------------------------------------------------
integrity-v6.8

----------------------------------------------------------------
Chen Ni (1):
      KEYS: encrypted: Add check for strsep

Eric Snowberg (2):
      ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
      ima: Remove EXPERIMENTAL from Kconfig

Mimi Zohar (5):
      MAINTAINERS: Add Roberto Sassu as co-maintainer to IMA and EVM
      MAINTAINERS: Add Eric Snowberg as a reviewer to IMA
      evm: don't copy up 'security.evm' xattr
      evm: add support to disable EVM on unsupported filesystems
      overlay: disable EVM

 MAINTAINERS                              |  3 +++
 fs/overlayfs/super.c                     |  1 +
 include/linux/evm.h                      |  6 +++++
 include/linux/fs.h                       |  1 +
 security/integrity/evm/evm_main.c        | 42 +++++++++++++++++++++++++++++++-
 security/integrity/ima/Kconfig           | 10 ++++----
 security/keys/encrypted-keys/encrypted.c |  4 +++
 security/security.c                      |  2 +-
 8 files changed, 62 insertions(+), 7 deletions(-)
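
Added example, not part of the original message and not kernel code: a simplified Python model of why a copied-up 'security.evm' HMAC stops verifying, and of verifying the backing file before writing a new HMAC for the overlay file. The function names, the demo key, the byte packing and the sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import uuid

EVM_KEY = b"constructed-demo-key"  # constructed; stands in for the kernel's EVM key

def evm_hmac(f):
    """Model HMAC over protected xattr values plus inode metadata and s_uuid."""
    mac = hmac.new(EVM_KEY, digestmod=hashlib.sha1)
    for name in sorted(f["xattrs"]):  # a fixed order; sorted here for simplicity
        mac.update(f["xattrs"][name])
    # Assumed packing for the model, not the kernel's struct layout.
    mac.update(struct.pack("<QIIIH", f["ino"], f["generation"],
                           f["uid"], f["gid"], f["mode"]))
    mac.update(f["s_uuid"].bytes)
    return mac.digest()

def verify(f):
    """Return 'nolabel' if security.evm is absent, else 'pass' or 'fail'."""
    if f["evm"] is None:
        return "nolabel"
    return "pass" if hmac.compare_digest(f["evm"], evm_hmac(f)) else "fail"

def copy_up(lower, ino, generation, s_uuid, copy_evm):
    """Model copy-up: same xattrs, but a new inode on the upper filesystem."""
    upper = dict(lower, xattrs=dict(lower["xattrs"]),
                 ino=ino, generation=generation, s_uuid=s_uuid)
    if not copy_evm:
        upper["evm"] = None  # 'security.evm' is left behind
    return upper

def relabel(lower, upper):
    """Write a fresh HMAC for the upper file only if the backing file verifies."""
    if verify(lower) != "pass":
        return False  # never turn an unverified backing file into a valid label
    upper["evm"] = evm_hmac(upper)
    return True

# Constructed sample file on the lower filesystem.
LOWER = {"xattrs": {"security.ima": b"\x04\x04" + bytes(32)},
         "ino": 1201, "generation": 7, "uid": 0, "gid": 0,
         "mode": 0o100644, "s_uuid": uuid.UUID(int=1), "evm": None}
LOWER["evm"] = evm_hmac(LOWER)
```

In this model the copied HMAC fails because i_ino, i_generation and s_uuid differ on the upper inode, and skipping the check in `relabel` would give a modified backing file a valid HMAC.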



* Re: [GIT PULL] integrity: subsystem updates for v6.8
From: pr-tracker-bot @ 2024-01-09 21:40 UTC
  To: Mimi Zohar; +Cc: Linus Torvalds, linux-integrity, linux-kernel

The pull request you sent on Tue, 09 Jan 2024 08:41:07 -0500:

> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v6.8

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/6c1dd1fe5d8a1d43ed96e2e0ed44a88c73c5c039

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
