Mimi Zohar 05d659186c evm: prohibit userspace writing 'security.evm' HMAC value ... commit 2fb1c9a4f2 upstream. Calculating the 'security.evm' HMAC value requires access to the EVM encrypted key. Only the kernel should have access to it. This patch prevents userspace tools(eg. setfattr, cp --preserve=xattr) from setting/modifying the 'security.evm' HMAC value directly. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2014-06-26 15:17:33 -04:00
..
apparmor	nick kvfree() from apparmor	2014-05-06 14:02:53 -04:00
integrity	evm: prohibit userspace writing 'security.evm' HMAC value	2014-06-26 15:17:33 -04:00
keys	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2014-04-03 09:26:18 -07:00
selinux	locks: rename file-private locks to "open file description locks"	2014-04-22 08:23:58 -04:00
smack	Linux 3.13	2014-03-07 11:41:32 -05:00
tomoyo	get rid of pointless checks for NULL ->i_op	2014-04-01 23:19:16 -04:00
yama	yama: Better permission check for ptraceme	2013-03-26 13:17:58 -07:00
capability.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2014-04-03 09:26:18 -07:00
commoncap.c	capabilities: allow nice if we are privileged	2013-08-30 23:44:09 -07:00
device_cgroup.c	device_cgroup: check if exception removal is allowed	2014-05-05 11:20:12 -04:00
inode.c	securityfs: fix object creation races	2012-01-10 10:20:35 -05:00
Kconfig	security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64	2014-02-05 14:59:14 +00:00
lsm_audit.c	audit: anchor all pid references in the initial pid namespace	2014-03-20 10:11:55 -04:00
Makefile	security: cleanup Makefiles to use standard syntax for specifying sub-directories	2014-02-17 11:08:04 +11:00
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	2010-04-23 08:56:31 +10:00
security.c	vfs: add cross-rename	2014-04-01 17:08:43 +02:00