Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-04 04:04:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b1de86d424
linux/security/integrity/ima
History
Jeff Layton db1d1e8b98 IMA: use vfs_getattr_nosec to get the i_version 
IMA currently accesses the i_version out of the inode directly when it
does a measurement. This is fine for most simple filesystems, but can be
problematic with more complex setups (e.g. overlayfs).

Make IMA instead call vfs_getattr_nosec to get this info. This allows
the filesystem to determine whether and how to report the i_version, and
should allow IMA to work properly with a broader class of filesystems in
the future.

Reported-and-Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-05-23 18:07:34 -04:00
..
ima_api.c IMA: use vfs_getattr_nosec to get the i_version 2023-05-23 18:07:34 -04:00
ima_appraise.c integrity-v6.3 2023-02-22 12:36:25 -08:00
ima_asymmetric_keys.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
ima_crypto.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
ima_efi.c ima: force signature verification when CONFIG_KEXEC_SIG is configured 2022-07-13 10:13:41 -04:00
ima_fs.c ima: Return error code obtained from securityfs functions 2022-02-15 11:17:01 -05:00
ima_init.c ima: define ima_max_digest_data struct without a flexible array variable 2022-02-15 11:52:06 -05:00
ima_kexec.c x86/kexec: Carry forward IMA measurement log on kexec 2022-07-01 15:22:16 +02:00
ima_main.c IMA: use vfs_getattr_nosec to get the i_version 2023-05-23 18:07:34 -04:00
ima_modsig.c ima: Move comprehensive rule validation checks out of the token parser 2020-07-20 13:28:15 -04:00
ima_mok.c IMA: remove -Wmissing-prototypes warning 2021-07-23 08:05:06 -04:00
ima_policy.c integrity-v6.3 2023-02-22 12:36:25 -08:00
ima_queue_keys.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
ima_queue.c IMA: support for duplicate measurement records 2021-06-11 12:54:13 -04:00
ima_template_lib.c fs: port ->permission() to pass mnt_idmap 2023-01-19 09:24:28 +01:00
ima_template_lib.h ima: define a new template field named 'd-ngv2' and templates 2022-05-05 11:49:13 -04:00
ima_template.c ima: Fix misuse of dereference of pointer in template_desc_init_fields() 2022-11-16 11:47:55 -05:00
ima.h integrity-v6.3 2023-02-22 12:36:25 -08:00
Kconfig IMA: allow/fix UML builds 2023-03-15 18:24:40 -04:00
Makefile ima: generalize x86/EFI arch glue for other EFI architectures 2020-11-06 07:40:42 +01:00