From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] integrity subsystem updates for v5.11
Date: Tue, 15 Dec 2020 07:45:27 -0500 [thread overview]
Message-ID: <1d4caa0d060caa9249d97acf5d8a9a0fe944076b.camel@linux.ibm.com> (raw)
Hi Linus,
Included in this pull request are just 3 patches. Other integrity
changes are being upstreamed via EFI (defines a common EFI secure and
trusted boot IMA policy) and BPF LSM (exporting the IMA file cache hash
info based on inode).
The 3 patches included in this pull request:
- bug fix: fail calculating the file hash, when a file not opened for
read and the attempt to re-open it for read fails.
- defer processing the "ima_appraise" boot command line option to avoid
enabling different modes (e.g. fix, log) to when the secure boot flag
is available on arm.
- defines "ima-buf" as the default IMA buffer measurement template in
preparation for the builtin integrity "critical data" policy.
thanks,
Mimi
The following changes since commit 3cea11cd5e3b00d91caf0b4730194039b45c5891:
Linux 5.10-rc2 (2020-11-01 14:43:51 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.11
for you to fetch changes up to 207cdd565dfc95a0a5185263a567817b7ebf5467:
ima: Don't modify file descriptor mode on the fly (2020-11-29 07:02:53 -0500)
----------------------------------------------------------------
integrity-v5.11
----------------------------------------------------------------
Ard Biesheuvel (1):
ima: defer arch_ima_get_secureboot() call to IMA init time
Lakshmi Ramasubramanian (1):
ima: select ima-buf template for buffer measurement
Roberto Sassu (1):
ima: Don't modify file descriptor mode on the fly
include/linux/ima.h | 6 ++++++
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_appraise.c | 17 +++++++++++------
security/integrity/ima/ima_crypto.c | 20 +++++---------------
security/integrity/ima/ima_main.c | 25 ++++++++++---------------
security/integrity/ima/ima_policy.c | 2 +-
security/integrity/ima/ima_template.c | 26 ++++++++++++++++++++++++++
7 files changed, 60 insertions(+), 37 deletions(-)
next reply other threads:[~2020-12-15 12:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-15 12:45 Mimi Zohar [this message]
2020-12-16 19:44 ` [GIT PULL] integrity subsystem updates for v5.11 pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1d4caa0d060caa9249d97acf5d8a9a0fe944076b.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.