{
  "log": [
    {
      "commit": "b67bfe0d42cac56c512dd5da4b1b347a23f4b70a",
      "tree": "3d465aea12b97683f26ffa38eba8744469de9997",
      "parents": [
        "1e142b29e210b5dfb2deeb6ce2210b60af16d2a6"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "sasha.levin@oracle.com",
        "time": "Wed Feb 27 17:06:00 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Feb 27 19:10:24 2013 -0800"
      },
      "message": "hlist: drop the node parameter from iterators\n\nI\u0027m not sure why, but the hlist for each entry iterators were conceived\n\n        list_for_each_entry(pos, head, member)\n\nThe hlist ones were greedy and wanted an extra parameter:\n\n        hlist_for_each_entry(tpos, pos, head, member)\n\nWhy did they need an extra pos parameter? I\u0027m not quite sure. Not only\nthey don\u0027t really need it, it also prevents the iterator from looking\nexactly like the list iterator, which is unfortunate.\n\nBesides the semantic patch, there was some manual work required:\n\n - Fix up the actual hlist iterators in linux/list.h\n - Fix up the declaration of other iterators based on the hlist ones.\n - A very small amount of places were using the \u0027node\u0027 parameter, this\n was modified to use \u0027obj-\u003emember\u0027 instead.\n - Coccinelle didn\u0027t handle the hlist_for_each_entry_safe iterator\n properly, so those had to be fixed up manually.\n\nThe semantic patch which is mostly the work of Peter Senna Tschudin is here:\n\n@@\niterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;\n\ntype T;\nexpression a,c,d,e;\nidentifier b;\nstatement S;\n@@\n\n-T b;\n    \u003c+... when !\u003d b\n(\nhlist_for_each_entry(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue(a,\n- b,\nc) S\n|\nhlist_for_each_entry_from(a,\n- b,\nc) S\n|\nhlist_for_each_entry_rcu(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_rcu_bh(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue_rcu_bh(a,\n- b,\nc) S\n|\nfor_each_busy_worker(a, c,\n- b,\nd) S\n|\nax25_uid_for_each(a,\n- b,\nc) S\n|\nax25_for_each(a,\n- b,\nc) S\n|\ninet_bind_bucket_for_each(a,\n- b,\nc) S\n|\nsctp_for_each_hentry(a,\n- b,\nc) S\n|\nsk_for_each(a,\n- b,\nc) S\n|\nsk_for_each_rcu(a,\n- b,\nc) S\n|\nsk_for_each_from\n-(a, b)\n+(a)\nS\n+ sk_for_each_from(a) S\n|\nsk_for_each_safe(a,\n- b,\nc, d) S\n|\nsk_for_each_bound(a,\n- b,\nc) S\n|\nhlist_for_each_entry_safe(a,\n- b,\nc, d, e) S\n|\nhlist_for_each_entry_continue_rcu(a,\n- b,\nc) S\n|\nnr_neigh_for_each(a,\n- b,\nc) S\n|\nnr_neigh_for_each_safe(a,\n- b,\nc, d) S\n|\nnr_node_for_each(a,\n- b,\nc) S\n|\nnr_node_for_each_safe(a,\n- b,\nc, d) S\n|\n- for_each_gfn_sp(a, c, d, b) S\n+ for_each_gfn_sp(a, c, d) S\n|\n- for_each_gfn_indirect_valid_sp(a, c, d, b) S\n+ for_each_gfn_indirect_valid_sp(a, c, d) S\n|\nfor_each_host(a,\n- b,\nc) S\n|\nfor_each_host_safe(a,\n- b,\nc, d) S\n|\nfor_each_mesh_entry(a,\n- b,\nc, d) S\n)\n    ...+\u003e\n\n[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]\n[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]\n[akpm@linux-foundation.org: checkpatch fixes]\n[akpm@linux-foundation.org: fix warnings]\n[akpm@linux-foudnation.org: redo intrusive kvm changes]\nTested-by: Peter Senna Tschudin \u003cpeter.senna@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nCc: Wu Fengguang \u003cfengguang.wu@intel.com\u003e\nCc: Marcelo Tosatti \u003cmtosatti@redhat.com\u003e\nCc: Gleb Natapov \u003cgleb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d895cb1af15c04c522a25c79cc429076987c089b",
      "tree": "895dc9157e28f603d937a58be664e4e440d5530c",
      "parents": [
        "9626357371b519f2b955fef399647181034a77fe",
        "d3d009cb965eae7e002ea5badf603ea8f4c34915"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile (part one) from Al Viro:\n \"Assorted stuff - cleaning namei.c up a bit, fixing -\u003ed_name/-\u003ed_parent\n  locking violations, etc.\n\n  The most visible changes here are death of FS_REVAL_DOT (replaced with\n  \"has -\u003ed_weak_revalidate()\") and a new helper getting from struct file\n  to inode.  Some bits of preparation to xattr method interface changes.\n\n  Misc patches by various people sent this cycle *and* ocfs2 fixes from\n  several cycles ago that should\u0027ve been upstream right then.\n\n  PS: the next vfs pile will be xattr stuff.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)\n  saner proc_get_inode() calling conventions\n  proc: avoid extra pde_put() in proc_fill_super()\n  fs: change return values from -EACCES to -EPERM\n  fs/exec.c: make bprm_mm_init() static\n  ocfs2/dlm: use GFP_ATOMIC inside a spin_lock\n  ocfs2: fix possible use-after-free with AIO\n  ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path\n  get_empty_filp()/alloc_file() leave both -\u003ef_pos and -\u003ef_version zero\n  target: writev() on single-element vector is pointless\n  export kernel_write(), convert open-coded instances\n  fs: encode_fh: return FILEID_INVALID if invalid fid_type\n  kill f_vfsmnt\n  vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op\n  nfsd: handle vfs_getattr errors in acl protocol\n  switch vfs_getattr() to struct path\n  default SET_PERSONALITY() in linux/elf.h\n  ceph: prepopulate inodes only when request is aborted\n  d_hash_and_lookup(): export, switch open-coded instances\n  9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()\n  9p: split dropping the acls from v9fs_set_create_acl()\n  ...\n"
    },
    {
      "commit": "446d64e3e1154806092ac27de198dff1225797d9",
      "tree": "6ae7509b776f88bf7c28254e63ba34ddcd091a92",
      "parents": [
        "a2c2c3a71c25627e4840795b3c269918d0e71b28"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Feb 24 23:42:37 2013 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 26 03:10:52 2013 +1100"
      },
      "message": "block: fix part_pack_uuid() build error\n\nCommit \"85865c1 ima: add policy support for file system uuid\"\nintroduced a CONFIG_BLOCK dependency.  This patch defines a\nwrapper called blk_part_pack_uuid(), which returns -EINVAL,\nwhen CONFIG_BLOCK is not defined.\n\nsecurity/integrity/ima/ima_policy.c:538:4: error: implicit declaration\nof function \u0027part_pack_uuid\u0027 [-Werror\u003dimplicit-function-declaration]\n\nChangelog v2:\n- Reference commit number in patch description\nChangelog v1:\n- rename ima_part_pack_uuid() to blk_part_pack_uuid()\n- resolve scripts/checkpatch.pl warnings\nChangelog v0:\n- fix UUID scripts/Lindent msgs\n\nReported-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nReported-by: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: David Rientjes \u003crientjes@google.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nCc: Jens Axboe \u003caxboe@kernel.dk\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a2c2c3a71c25627e4840795b3c269918d0e71b28",
      "tree": "f643772b0087e7bf5a9801ed07580ee8d5ce93c9",
      "parents": [
        "ab7826595e9ec51a51f622c5fc91e2f59440481a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Feb 24 23:42:36 2013 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 26 02:46:38 2013 +1100"
      },
      "message": "ima: \"remove enforce checking duplication\" merge fix\n\nCommit \"750943a ima: remove enforce checking duplication\" combined\nthe \u0027in IMA policy\u0027 and \u0027enforcing file integrity\u0027 checks.  For\nthe non-file, kernel module verification, a specific check for\n\u0027enforcing file integrity\u0027 was not added.  This patch adds the\ncheck.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "496ad9aa8ef448058e36ca7a787c61f2e63f0f54",
      "tree": "8f4abde793cd7db5bb8fde6d27ebcacd0e54379a",
      "parents": [
        "57eccb830f1cc93d4b506ba306d8dfa685e0c88f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 17:07:38 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 22 23:31:31 2013 -0500"
      },
      "message": "new helper: file_inode(file)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "33673dcb372b5d8179c22127ca71deb5f3dc7016",
      "tree": "d182e9dc6aa127375a92b5eb619d6cd2ddc23ce7",
      "parents": [
        "fe9453a1dcb5fb146f9653267e78f4a558066f6f",
        "5b2660326039a32b28766cb4c1a8b1bdcfadc375"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 08:18:12 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 08:18:12 2013 -0800"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"This is basically a maintenance update for the TPM driver and EVM/IMA\"\n\nFix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)\n  tpm/ibmvtpm: build only when IBM pseries is configured\n  ima: digital signature verification using asymmetric keys\n  ima: rename hash calculation functions\n  ima: use new crypto_shash API instead of old crypto_hash\n  ima: add policy support for file system uuid\n  evm: add file system uuid to EVM hmac\n  tpm_tis: check pnp_acpi_device return code\n  char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value\n  char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe\n  char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute\n  char/tpm/tpm_i2c_stm_st33: Don\u0027t use memcpy for one byte assignment\n  tpm_i2c_stm_st33: removed unused variables/code\n  TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup\n  tpm: Fix cancellation of TPM commands (interrupt mode)\n  tpm: Fix cancellation of TPM commands (polling mode)\n  tpm: Store TPM vendor ID\n  TPM: Work around buggy TPMs that block during continue self test\n  tpm_i2c_stm_st33: fix oops when i2c client is unavailable\n  char/tpm: Use struct dev_pm_ops for power management\n  TPM: STMicroelectronics ST33 I2C BUILD STUFF\n  ...\n"
    },
    {
      "commit": "e0751257a64ea10cca96ccb06522bfb10e36cb5b",
      "tree": "7ff1ec8b4d359f383fc3408876dd6ff6532f9ab6",
      "parents": [
        "50af554466804bf51a52fa3d1d0a76f96bd33929"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Feb 07 00:12:08 2013 +0200"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 21:22:18 2013 -0500"
      },
      "message": "ima: digital signature verification using asymmetric keys\n\nAsymmetric keys were introduced in linux-3.7 to verify the signature on\nsigned kernel modules. The asymmetric keys infrastructure abstracts the\nsignature verification from the crypto details. This patch adds IMA/EVM\nsignature verification using asymmetric keys. Support for additional\nsignature verification methods can now be delegated to the asymmetric\nkey infrastructure.\n\nAlthough the module signature header and the IMA/EVM signature header\ncould use the same format, to minimize the signature length and save\nspace in the extended attribute, this patch defines a new IMA/EVM\nheader format.  The main difference is that the key identifier is a\nsha1[12 - 19] hash of the key modulus and exponent, similar to the\ncurrent implementation.  The only purpose of the key identifier is to\nidentify the corresponding key in the kernel keyring.  ima-evm-utils\nwas updated to support the new signature format.\n\nWhile asymmetric signature verification functionality supports many\ndifferent hash algorithms, the hash used in this patch is calculated\nduring the IMA collection phase, based on the configured algorithm.\nThe default algorithm is sha1, but for backwards compatibility md5\nis supported.  Due to this current limitation, signatures should be\ngenerated using a sha1 hash algorithm.\n\nChanges in this patch:\n- Functionality has been moved to a separate source file in order to get rid of\n  in-source #ifdefs.\n- keyid is derived according to RFC 3280. It does not require assigning an\n  IMA/EVM specific \"description\" when loading an X509 certificate. The kernel\n  asymmetric key subsystem automatically generates the description. Also\n  loading a certificate does not require using ima-evm-utils and can be\n  done using keyctl only.\n- keyid size is reduced to 32 bits to save xattr space.  Key search is done\n  using partial match functionality of asymmetric_key_match().\n- Kconfig option title was changed\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "50af554466804bf51a52fa3d1d0a76f96bd33929",
      "tree": "b7a3737c726a690ddefa60fdc01427d46d1d08b2",
      "parents": [
        "76bb28f6126f20ee987b9d2570fa653d95d30ae9"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon May 14 14:13:56 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:41:13 2013 -0500"
      },
      "message": "ima: rename hash calculation functions\n\nRename hash calculation functions to reflect meaning\nand change argument order in conventional way.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "76bb28f6126f20ee987b9d2570fa653d95d30ae9",
      "tree": "d03a184b5fb611544519662784ec50fee55bac72",
      "parents": [
        "85865c1fa189fcba49089e6254a0226f2269bebc"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jun 08 10:42:30 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:41:12 2013 -0500"
      },
      "message": "ima: use new crypto_shash API instead of old crypto_hash\n\nOld crypto hash API internally uses shash API.\nUsing shash API directly is more efficient.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "85865c1fa189fcba49089e6254a0226f2269bebc",
      "tree": "e3bcc153e1218302a3bccd30f55295361396a781",
      "parents": [
        "74de66842473bdafa798010e58f1999ec70a8983"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 03 23:23:13 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:40:29 2013 -0500"
      },
      "message": "ima: add policy support for file system uuid\n\nThe IMA policy permits specifying rules to enable or disable\nmeasurement/appraisal/audit based on the file system magic number.\nIf, for example, the policy contains an ext4 measurement rule,\nthe rule is enabled for all ext4 partitions.\n\nSometimes it might be necessary to enable measurement/appraisal/audit\nonly for one partition and disable it for another partition of the\nsame type.  With the existing IMA policy syntax, this can not be done.\n\nThis patch provides support for IMA policy rules to specify the file\nsystem by its UUID (eg. fsuuid\u003d397449cd-687d-4145-8698-7fed4a3e0363).\n\nFor partitions not being appraised, it might be a good idea to mount\nfile systems with the \u0027noexec\u0027 option to prevent executing non-verified\nbinaries.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "74de66842473bdafa798010e58f1999ec70a8983",
      "tree": "83bb9c589051fd7269a9cd2bf1d7be9a955eccbd",
      "parents": [
        "6e38bfaad6c83bdd07eb659f9bfd50f8d71a5a46"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 10 10:37:20 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:40:28 2013 -0500"
      },
      "message": "evm: add file system uuid to EVM hmac\n\nEVM uses the same key for all file systems to calculate the HMAC,\nmaking it possible to paste inodes from one file system on to another\none, without EVM being able to detect it.  To prevent such an attack,\nit is necessary to make the EVM HMAC file system specific.\n\nThis patch uses the file system UUID, a file system unique identifier,\nto bind the EVM HMAC to the file system. The value inode-\u003ei_sb-\u003es_uuid\nis used for the HMAC hash calculation, instead of using it for deriving\nthe file system specific key.  Initializing the key for every inode HMAC\ncalculation is a bit more expensive operation than adding the uuid to\nthe HMAC hash.\n\nChanging the HMAC calculation method or adding additional info to the\ncalculation, requires existing EVM labeled file systems to be relabeled.\nThis patch adds a Kconfig HMAC version option for backwards compatibility.\n\nChangelog v1:\n- squash \"hmac version setting\"\nChangelog v0:\n- add missing Kconfig depends (Mimi)\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "5a73fcfa8875a94c2956e7ff8fba54d31a3e2854",
      "tree": "4f7a55a1f4c7524aaa422fc216717c1c0424d48e",
      "parents": [
        "d79d72e02485c00b886179538dc8deaffa3be507"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Dec 05 15:14:38 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:39 2013 -0500"
      },
      "message": "ima: differentiate appraise status only for hook specific rules\n\nDifferent hooks can require different methods for appraising a\nfile\u0027s integrity.  As a result, an integrity appraisal status is\ncached on a per hook basis.\n\nOnly a hook specific rule, requires the inode to be re-appraised.\nThis patch eliminates unnecessary appraisals.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "d79d72e02485c00b886179538dc8deaffa3be507",
      "tree": "92690d5cbd6e4a0a3bee369033fe18d9b2d065f7",
      "parents": [
        "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 03 17:08:11 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:36 2013 -0500"
      },
      "message": "ima: per hook cache integrity appraisal status\n\nWith the new IMA policy \u0027appraise_type\u003d\u0027 option, different hooks\ncan require different methods for appraising a file\u0027s integrity.\n\nFor example, the existing \u0027ima_appraise_tcb\u0027 policy defines a\ngeneric rule, requiring all root files to be appraised, without\nspecifying the appraisal method.  A more specific rule could require\nall kernel modules, for example, to be signed.\n\nappraise fowner\u003d0 func\u003dMODULE_CHECK appraise_type\u003dimasig\nappraise fowner\u003d0\n\nAs a result, the integrity appraisal results for the same inode, but\nfor different hooks, could differ.  This patch caches the integrity\nappraisal results on a per hook basis.\n\nChangelog v2:\n- Rename ima_cache_status() to ima_set_cache_status()\n- Rename and move get_appraise_status() to ima_get_cache_status()\nChangelog v0:\n- include IMA_APPRAISE/APPRAISED_SUBMASK in IMA_DO/DONE_MASK (Dmitry)\n- Support independent MODULE_CHECK appraise status.\n- fixed IMA_XXXX_APPRAISE/APPRAISED flags\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4",
      "tree": "914edd29a01e55aa993f810246ff01e8c1c19ae0",
      "parents": [
        "0e5a247cb37a97d843ef76d09d5f80deb7893ba3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Dec 05 09:29:09 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:34 2013 -0500"
      },
      "message": "ima: increase iint flag size\n\nIn preparation for hook specific appraise status results, increase\nthe iint flags size.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "0e5a247cb37a97d843ef76d09d5f80deb7893ba3",
      "tree": "7206abaf6d20e69a89584046ed7dc9970ba2da12",
      "parents": [
        "a175b8bb29ebbad380ab4788f307fbfc47997b19"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jun 08 13:58:49 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:31 2013 -0500"
      },
      "message": "ima: added policy support for \u0027security.ima\u0027 type\n\nThe \u0027security.ima\u0027 extended attribute may contain either the file data\u0027s\nhash or a digital signature.  This patch adds support for requiring a\nspecific extended attribute type.  It extends the IMA policy with a new\nkeyword \u0027appraise_type\u003dimasig\u0027.  (Default is hash.)\n\nChangelog v2:\n- Fixed Documentation/ABI/testing/ima_policy option syntax\nChangelog v1:\n- Differentiate between \u0027required\u0027 vs. \u0027actual\u0027 extended attribute\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "a67adb997419fb53540d4a4f79c6471c60bc69b6",
      "tree": "5796039c0789a8504fb3b7d1a5cb81b4e47121fb",
      "parents": [
        "9a9284153d965a57edc7162a8e57c14c97f3a935"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jan 18 23:56:39 2013 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Jan 22 00:27:50 2013 +1100"
      },
      "message": "evm: checking if removexattr is not a NULL\n\nThe following lines of code produce a kernel oops.\n\nfd \u003d socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);\nfchmod(fd, 0666);\n\n[  139.922364] BUG: unable to handle kernel NULL pointer dereference at   (null)\n[  139.924982] IP: [\u003c  (null)\u003e]   (null)\n[  139.924982] *pde \u003d 00000000\n[  139.924982] Oops: 0000 [#5] SMP\n[  139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button\n[  139.924982] Pid: 3070, comm: acpid Tainted: G      D      3.8.0-rc2-kds+ #465 Bochs Bochs\n[  139.924982] EIP: 0060:[\u003c00000000\u003e] EFLAGS: 00010246 CPU: 0\n[  139.924982] EIP is at 0x0\n[  139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2\n[  139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4\n[  139.924982]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068\n[  139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0\n[  139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000\n[  139.924982] DR6: ffff0ff0 DR7: 00000400\n[  139.924982] Process acpid (pid: 3070, ti\u003dcc02c000 task\u003dd7705340 task.ti\u003dcc02c000)\n[  139.924982] Stack:\n[  139.924982]  c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940\n[  139.924982]  e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3\n[  139.924982]  00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08\n[  139.924982] Call Trace:\n[  139.924982]  [\u003cc1203c88\u003e] ? evm_update_evmxattr+0x5b/0x62\n[  139.924982]  [\u003cc1203964\u003e] evm_inode_post_setattr+0x22/0x26\n[  139.924982]  [\u003cc10e20c3\u003e] notify_change+0x25f/0x281\n[  139.924982]  [\u003cc10cbf56\u003e] chmod_common+0x59/0x76\n[  139.924982]  [\u003cc10e27a1\u003e] ? put_unused_fd+0x33/0x33\n[  139.924982]  [\u003cc10cca09\u003e] sys_fchmod+0x39/0x5c\n[  139.924982]  [\u003cc13f4f30\u003e] syscall_call+0x7/0xb\n[  139.924982] Code:  Bad EIP value.\n\nThis happens because sockets do not define the removexattr operation.\nBefore removing the xattr, verify the removexattr function pointer is\nnot NULL.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a175b8bb29ebbad380ab4788f307fbfc47997b19",
      "tree": "8e0dbb1def59d05412e57ff2f9fc089bb304bffa",
      "parents": [
        "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 15:06:28 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:05 2013 -0500"
      },
      "message": "ima: forbid write access to files with digital signatures\n\nThis patch forbids write access to files with digital signatures, as they\nare considered immutable.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0",
      "tree": "5779ef0eadc9b871f0b1b06cc0107d0c28dfc726",
      "parents": [
        "ee866331749b07373743ce18ceaffb1dd841d855"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Sep 04 00:40:17 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:03 2013 -0500"
      },
      "message": "ima: move full pathname resolution to separate function\n\nDefine a new function ima_d_path(), which returns the full pathname.\nThis function will be used further, for example, by the directory\nverification code.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "ee866331749b07373743ce18ceaffb1dd841d855",
      "tree": "c99c1f5218e5a1f9fcf756142922a2a996870c57",
      "parents": [
        "16cac49f727621c6b0467ffe15ed72c2febb1296"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Sep 21 17:00:43 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:01 2013 -0500"
      },
      "message": "integrity: reduce storage size for ima_status and evm_status\n\nThis patch reduces size of the iint structure by 8 bytes.\nIt saves about 15% of iint cache memory.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "16cac49f727621c6b0467ffe15ed72c2febb1296",
      "tree": "dc9b4914116ad2ecb1831184192470900e609a27",
      "parents": [
        "b51524635b73cfa27cc393859b277cee9c042820"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Dec 13 11:15:04 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:59 2013 -0500"
      },
      "message": "ima: rename FILE_MMAP to MMAP_CHECK\n\nRename FILE_MMAP hook to MMAP_CHECK to be consistent with the other\nhook names.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "b51524635b73cfa27cc393859b277cee9c042820",
      "tree": "c4fae16b423b732dce39b28faca4ae4f1dadc3f9",
      "parents": [
        "750943a30714b7e9a5a2b0e08eeef7a808b5a869"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Sep 21 01:01:29 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:57 2013 -0500"
      },
      "message": "ima: remove security.ima hexdump\n\nHexdump is not really helping. Audit messages print error messages.\nRemove it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "750943a30714b7e9a5a2b0e08eeef7a808b5a869",
      "tree": "a75f963abc43a13e3d1a558b2f8c3d47b018b63d",
      "parents": [
        "def3e8b9ee23cb69036910e48ec4e3eff40e04cb"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 15:57:10 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:44 2013 -0500"
      },
      "message": "ima: remove enforce checking duplication\n\nBased on the IMA appraisal policy, files are appraised.  For those\nfiles appraised, the IMA hooks return the integrity appraisal result,\nassuming IMA-appraisal is in enforcing mode.  This patch combines\nboth of these criteria (in policy and enforcing file integrity),\nremoving the checking duplication.\n\nChangelog v1:\n- Update hook comments\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "def3e8b9ee23cb69036910e48ec4e3eff40e04cb",
      "tree": "0840ab9e618f15f4c3c5e8ee6fafe5a17c814af2",
      "parents": [
        "e90805656d4683f84d360276102ae63adc777a38"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 20 22:38:53 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:07 2013 -0500"
      },
      "message": "ima: set appraise status in fix mode only when xattr is fixed\n\nWhen a file system is mounted read-only, setting the xattr value in\nfix mode fails with an error code -EROFS.  The xattr should be fixed\nafter the file system is remounted read-write.  This patch verifies\nthat the set xattr succeeds, before setting the appraise status value\nto INTEGRITY_PASS.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "e90805656d4683f84d360276102ae63adc777a38",
      "tree": "b252fcd8e8b1f0fde0277c24413ad21c857515c2",
      "parents": [
        "7163a993840f0906d4ce1e3f193575c99dac21e1"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 03 17:11:56 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:05 2013 -0500"
      },
      "message": "evm: remove unused cleanup functions\n\nEVM cannot be built as a kernel module. Remove the unnecessary __exit\nfunctions.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "7163a993840f0906d4ce1e3f193575c99dac21e1",
      "tree": "3c1c04f5da24cf2492b20b861c9974549978436c",
      "parents": [
        "cf9ce948f47640797bd19980e1d99c6d17d0bdc3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 03 14:19:09 2013 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:03 2013 -0500"
      },
      "message": "ima: re-initialize IMA policy LSM info\n\nAlthough the IMA policy does not change, the LSM policy can be\nreloaded, leaving the IMA LSM based rules referring to the old,\nstale LSM policy.  This patch updates the IMA LSM based rules\nto reflect the reloaded LSM policy.\n\nReported-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\nTested-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "a7f2a366f62319dfebf8d4dfe8b211f631c78457",
      "tree": "67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2",
      "parents": [
        "a49f0d1ea3ec94fc7cf33a7c36a16343b74bd565"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Dec 21 08:34:21 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 24 09:35:48 2012 -0500"
      },
      "message": "ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall\n\nThe new kernel module syscall appraises kernel modules based\non policy.   If the IMA policy requires kernel module checking,\nfallback to module signature enforcing for the existing syscall.\nWithout CONFIG_MODULE_SIG_FORCE enabled, the kernel module\u0027s\nintegrity is unknown, return -EACCES.\n\nChangelog v1:\n- Fix ima_module_check() return result (Tetsuo Handa)\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "fdf90729e57812cb12d7938e2dee7c71e875fb08",
      "tree": "0ec17c765406dedc37ac278823d50587d53d1525",
      "parents": [
        "1625cee56f8e6193b5a0809a414dfa395bd9cf1e"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Oct 16 12:40:08 2012 +1030"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Fri Dec 14 13:05:26 2012 +1030"
      },
      "message": "ima: support new kernel module syscall\n\nWith the addition of the new kernel module syscall, which defines two\narguments - a file descriptor to the kernel module and a pointer to a NULL\nterminated string of module arguments - it is now possible to measure and\nappraise kernel modules like any other file on the file system.\n\nThis patch adds support to measure and appraise kernel modules in an\nextensible and consistent manner.\n\nTo support filesystems without extended attribute support, additional\npatches could pass the signature as the first parameter.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "d26e1936227b538a1691b978566ef269aef10853",
      "tree": "c1b803d6177f6c39932a159c7bdb2c557497e16f",
      "parents": [
        "ecefbd94b834fa32559d854646d777c56749ef1c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 18:26:53 2012 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri Oct 05 22:32:16 2012 +1000"
      },
      "message": "ima: fix bug in argument order\n\nmask argument goes first, then func, like ima_must_measure\nand ima_get_action. ima_inode_post_setattr() assumes that.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "88265322c14cce39f7afbc416726ef4fac413298",
      "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3",
      "parents": [
        "65b99c74fdd325d1ffa2e5663295888704712604",
        "bf5308344527d015ac9a6d2bda4ad4d40fd7d943"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n   - Integrity: add local fs integrity verification to detect offline\n     attacks\n   - Integrity: add digital signature verification\n   - Simple stacking of Yama with other LSMs (per LSS discussions)\n   - IBM vTPM support on ppc64\n   - Add new driver for Infineon I2C TIS TPM\n   - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n  Documentation: Update git repository URL for Smack userland tools\n  ima: change flags container data type\n  Smack: setprocattr memory leak fix\n  Smack: implement revoking all rules for a subject label\n  Smack: remove task_wait() hook.\n  ima: audit log hashes\n  ima: generic IMA action flag handling\n  ima: rename ima_must_appraise_or_measure\n  audit: export audit_log_task_info\n  tpm: fix tpm_acpi sparse warning on different address spaces\n  samples/seccomp: fix 31 bit build on s390\n  ima: digital signature verification support\n  ima: add support for different security.ima data types\n  ima: add ima_inode_setxattr/removexattr function and calls\n  ima: add inode_post_setattr call\n  ima: replace iint spinblock with rwlock/read_lock\n  ima: allocating iint improvements\n  ima: add appraise action keywords and default rules\n  ima: integrity appraisal extension\n  vfs: move ima_file_free before releasing the file\n  ...\n"
    },
    {
      "commit": "8b94eea4bfb8df693c5b35d08b74f13cfb92f3de",
      "tree": "908ffbf4f0bb117ca47346712dc0e57f6434cda1",
      "parents": [
        "cf9c93526f4517581a9e8f1c0d9093a4c7748ec6"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri May 25 18:24:12 2012 -0600"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Sep 21 03:13:24 2012 -0700"
      },
      "message": "userns: Add user namespace support to IMA\n\nUse kuid\u0027s in the IMA rules.\n\nWhen reporting the current uid in audit logs use from_kuid\nto get a usable value.\n\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "cf9c93526f4517581a9e8f1c0d9093a4c7748ec6",
      "tree": "9e9eba640d957fe83e081602f7c227480fb413b5",
      "parents": [
        "29f82ae56e8798f7907d60145e0186082800d130"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri May 25 18:22:35 2012 -0600"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Sep 21 03:13:24 2012 -0700"
      },
      "message": "userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "0a72ba7aff26fb6e918cee6d2bbfd289069f10ae",
      "tree": "4263886ae20b6875153c20513b607e6208e8a3f6",
      "parents": [
        "46a2f3b9e99353cc63e15563e8abee71162330f7"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Sep 19 15:32:49 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 19 08:55:20 2012 -0400"
      },
      "message": "ima: change flags container data type\n\nIMA audit hashes patches introduced new IMA flags and required\nspace went beyond 8 bits. Currently the only flag is IMA_DIGSIG.\nThis patch use 16 bit short instead of 8 bit char.\nWithout this fix IMA signature will be replaced with hash, which\nshould not happen.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8",
      "tree": "f920b77b98c38e28dd2974564db102160e59f3e9",
      "parents": [
        "45e2472e67bf66f794d507b52e82af92e0614e49"
      ],
      "author": {
        "name": "Peter Moody",
        "email": "pmoody@google.com",
        "time": "Thu Jun 14 10:04:36 2012 -0700"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Sep 13 14:48:44 2012 -0400"
      },
      "message": "ima: audit log hashes\n\nThis adds an \u0027audit\u0027 policy action which audit logs file measurements.\n\nChangelog v6:\n - use new action flag handling (Dmitry Kasatkin).\n - removed whitespace (Mimi)\n\nChangelog v5:\n - use audit_log_untrustedstring.\n\nChangelog v4:\n - cleanup digest -\u003e hash conversion.\n - use filename rather than d_path in ima_audit_measurement.\n\nChangelog v3:\n - Use newly exported audit_log_task_info for logging pid/ppid/uid/etc.\n - Update the ima_policy ABI documentation.\n\nChangelog v2:\n - Use \u0027audit\u0027 action rather than \u0027measure_and_audit\u0027 to permit\n auditing in the absence of measuring.\n\nChangelog v1:\n - Initial posting.\n\nSigned-off-by: Peter Moody \u003cpmoody@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "45e2472e67bf66f794d507b52e82af92e0614e49",
      "tree": "4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac",
      "parents": [
        "d9d300cdb6f233c4c591348919c758062198a4f4"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Sep 12 20:51:32 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Sep 13 14:23:57 2012 -0400"
      },
      "message": "ima: generic IMA action flag handling\n\nMake the IMA action flag handling generic in order to support\nadditional new actions, without requiring changes to the base\nimplementation.  New actions, like audit logging, will only\nneed to modify the define statements.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "d9d300cdb6f233c4c591348919c758062198a4f4",
      "tree": "2a00e8e9100b1d799e5b779008ad0081e7fe5264",
      "parents": [
        "e23eb920b0f3978687c497de2ac3eb9e281dab32"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Jun 27 11:26:14 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 12 07:28:05 2012 -0400"
      },
      "message": "ima: rename ima_must_appraise_or_measure\n\nWhen AUDIT action support is added to the IMA,\nima_must_appraise_or_measure() does not reflect the real meaning anymore.\nRename it to ima_get_action().\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "8606404fa555c2ee691376fcc640ab89fe752035",
      "tree": "4b2d2e43b7ad196b46757faff10d04803381a543",
      "parents": [
        "5a44b41207174e1882ce0c24a752f4cfb65dab07"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Aug 31 14:07:06 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:48 2012 -0400"
      },
      "message": "ima: digital signature verification support\n\nThis patch adds support for digital signature based integrity appraisal.\nWith this patch, \u0027security.ima\u0027 contains either the file data hash or\na digital signature of the file data hash. The file data hash provides\nthe security attribute of file integrity. In addition to file integrity,\na digital signature provides the security attribute of authenticity.\n\nUnlike EVM, where the digital signature is replaced with an HMAC when\nthe file metadata changes, modification of the file data does not cause the\n\u0027security.ima\u0027 digital signature to be replaced with a hash. As a\nresult, after any modification, subsequent file integrity appraisals\nwould fail.\n\nAlthough digitally signed files can be modified, by not updating\n\u0027security.ima\u0027 to reflect these modifications, in essence digitally\nsigned files could be considered \u0027immutable\u0027.\n\nIMA uses a different keyring than EVM. While the EVM keyring should not\nbe updated after initialization and locked, the IMA keyring should allow\nupdating or adding new keys when upgrading or installing packages.\n\nChangelog v4:\n- Change IMA_DIGSIG to hex equivalent\nChangelog v3:\n- Permit files without any \u0027security.ima\u0027 xattr to be labeled properly.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "5a44b41207174e1882ce0c24a752f4cfb65dab07",
      "tree": "a5426be63a4f165f3ce15d1e61d8fd10f37fd8c3",
      "parents": [
        "42c63330f2b05aa6077c1bfc2798c04afe54f6b2"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jan 09 22:59:36 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:47 2012 -0400"
      },
      "message": "ima: add support for different security.ima data types\n\nIMA-appraisal currently verifies the integrity of a file based on a\nknown \u0027good\u0027 measurement value.  This patch reserves the first byte\nof \u0027security.ima\u0027 as a place holder for the type of method used for\nverifying file data integrity.\n\nChangelog v1:\n- Use the newly defined \u0027struct evm_ima_xattr_data\u0027\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "42c63330f2b05aa6077c1bfc2798c04afe54f6b2",
      "tree": "bbd7d212ba9c686b2b649718b8b919bdd2eecea4",
      "parents": [
        "9957a5043e7b0b7361cdf48eea22b2900293e63a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Mar 10 18:54:15 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:47 2012 -0400"
      },
      "message": "ima: add ima_inode_setxattr/removexattr function and calls\n\nBased on xattr_permission comments, the restriction to modify \u0027security\u0027\nxattr is left up to the underlying fs or lsm. Ensure that not just anyone\ncan modify or remove \u0027security.ima\u0027.\n\nChangelog v1:\n- Unless IMA-APPRAISE is configured, use stub ima_inode_removexattr()/setxattr()\n  functions.  (Moved ima_inode_removexattr()/setxattr() to ima_appraise.c)\n\nChangelog:\n  - take i_mutex to fix locking (Dmitry Kasatkin)\n  - ima_reset_appraise_flags should only be called when modifying or\n    removing the \u0027security.ima\u0027 xattr. Requires CAP_SYS_ADMIN privilege.\n    (Incorporated fix from Roberto Sassu)\n  - Even if allowed to update security.ima, reset the appraisal flags,\n    forcing re-appraisal.\n  - Replace CAP_MAC_ADMIN with CAP_SYS_ADMIN\n  - static inline ima_inode_setxattr()/ima_inode_removexattr() stubs\n  - ima_protect_xattr should be static\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "a10bf26b2f53242836e9362c6c9c857b627b82a9",
      "tree": "98c7b83684f1df42571013af4c0572c7eeea8e76",
      "parents": [
        "bf2276d10ce58ff44ab8857266a6718024496af6"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Feb 08 14:15:42 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:46 2012 -0400"
      },
      "message": "ima: replace iint spinblock with rwlock/read_lock\n\nFor performance, replace the iint spinlock with rwlock/read_lock.\n\nEric Paris questioned this change, from spinlocks to rwlocks, saying\n\"rwlocks have been shown to actually be slower on multi processor\nsystems in a number of cases due to the cache line bouncing required.\"\n\nBased on performance measurements compiling the kernel on a cold\nboot with multiple jobs with/without this patch, Dmitry Kasatkin\nand I found that rwlocks performed better than spinlocks, but very\ninsignificantly.  For example with total compilation time around 6\nminutes, with rwlocks time was 1 - 3 seconds shorter... but always\nlike that.\n\nChangelog v2:\n- new patch taken from the \u0027allocating iint improvements\u0027 patch\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "bf2276d10ce58ff44ab8857266a6718024496af6",
      "tree": "7be39c026fd30856248f68c964d0f1e2ae703c25",
      "parents": [
        "07f6a79415d7d502ee0c7d02ace6594a7be7429a"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Oct 19 12:04:40 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:45 2012 -0400"
      },
      "message": "ima: allocating iint improvements\n\nWith IMA-appraisal\u0027s removal of the iint mutex and taking the i_mutex\ninstead, allocating the iint becomes a lot simpler, as we don\u0027t need\nto be concerned with two processes racing to allocate the iint. This\npatch cleans up and improves performance for allocating the iint.\n\n- removed redundant double i_mutex locking\n- combined iint allocation with tree search\n\nChangelog v2:\n- removed the rwlock/read_lock changes from this patch\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "07f6a79415d7d502ee0c7d02ace6594a7be7429a",
      "tree": "af2a9b3bb84ab621cbf11ab609dd8cc3566f2b12",
      "parents": [
        "2fe5d6def1672ae6635dd71867bf36dcfaa7434b"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 22:25:48 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:45 2012 -0400"
      },
      "message": "ima: add appraise action keywords and default rules\n\nUnlike the IMA measurement policy, the appraise policy can not be dependent\non runtime process information, such as the task uid, as the \u0027security.ima\u0027\nxattr is written on file close and must be updated each time the file changes,\nregardless of the current task uid.\n\nThis patch extends the policy language with \u0027fowner\u0027, defines an appraise\npolicy, which appraises all files owned by root, and defines \u0027ima_appraise_tcb\u0027,\na new boot command line option, to enable the appraise policy.\n\nChangelog v3:\n- separate the measure from the appraise rules in order to support measuring\n  without appraising and appraising without measuring.\n- change appraisal default for filesystems without xattr support to fail\n- update default appraise policy for cgroups\n\nChangelog v1:\n- don\u0027t appraise RAMFS (Dmitry Kasatkin)\n- merged rest of \"ima: ima_must_appraise_or_measure API change\" commit\n  (Dmitry Kasatkin)\n\n  ima_must_appraise_or_measure() called ima_match_policy twice, which\n  searched the policy for a matching rule.  Once for a matching measurement\n  rule and subsequently for an appraisal rule. Searching the policy twice\n  is unnecessary overhead, which could be noticeable with a large policy.\n\n  The new version of ima_must_appraise_or_measure() does everything in a\n  single iteration using a new version of ima_match_policy().  It returns\n  IMA_MEASURE, IMA_APPRAISE mask.\n\n  With the use of action mask only one efficient matching function\n  is enough.  Removed other specific versions of matching functions.\n\nChangelog:\n- change \u0027owner\u0027 to \u0027fowner\u0027 to conform to the new LSM conditions posted by\n  Roberto Sassu.\n- fix calls to ima_log_string()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
      "tree": "f83878d309605440b5bc2d2d43a16ccece64c645",
      "parents": [
        "4199d35cbc90c15db447d115bd96ffa5f1d60d3a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Feb 13 10:15:05 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:44 2012 -0400"
      },
      "message": "ima: integrity appraisal extension\n\nIMA currently maintains an integrity measurement list used to assert the\nintegrity of the running system to a third party.  The IMA-appraisal\nextension adds local integrity validation and enforcement of the\nmeasurement against a \"good\" value stored as an extended attribute\n\u0027security.ima\u0027.  The initial methods for validating \u0027security.ima\u0027 are\nhashed based, which provides file data integrity, and digital signature\nbased, which in addition to providing file data integrity, provides\nauthenticity.\n\nThis patch creates and maintains the \u0027security.ima\u0027 xattr, containing\nthe file data hash measurement.  Protection of the xattr is provided by\nEVM, if enabled and configured.\n\nBased on policy, IMA calls evm_verifyxattr() to verify a file\u0027s metadata\nintegrity and, assuming success, compares the file\u0027s current hash value\nwith the one stored as an extended attribute in \u0027security.ima\u0027.\n\nChangelog v4:\n- changed iint cache flags to hex values\n\nChangelog v3:\n- change appraisal default for filesystems without xattr support to fail\n\nChangelog v2:\n- fix audit msg \u0027res\u0027 value\n- removed unused \u0027ima_appraise\u003d\u0027 values\n\nChangelog v1:\n- removed unused iint mutex (Dmitry Kasatkin)\n- setattr hook must not reset appraised (Dmitry Kasatkin)\n- evm_verifyxattr() now differentiates between no \u0027security.evm\u0027 xattr\n  (INTEGRITY_NOLABEL) and no EVM \u0027protected\u0027 xattrs included in the\n  \u0027security.evm\u0027 (INTEGRITY_NOXATTRS).\n- replace hash_status with ima_status (Dmitry Kasatkin)\n- re-initialize slab element ima_status on free (Dmitry Kasatkin)\n- include \u0027security.ima\u0027 in EVM if CONFIG_IMA_APPRAISE, not CONFIG_IMA\n- merged half \"ima: ima_must_appraise_or_measure API change\" (Dmitry Kasatkin)\n- removed unnecessary error variable in process_measurement() (Dmitry Kasatkin)\n- use ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured\n  (moved ima_inode_post_setattr() to ima_appraise.c)\n- make sure ima_collect_measurement() can read file\n\nChangelog:\n- add \u0027iint\u0027 to evm_verifyxattr() call (Dmitry Kasatkin)\n- fix the race condition between chmod, which takes the i_mutex and then\n  iint-\u003emutex, and ima_file_free() and process_measurement(), which take\n  the locks in the reverse order, by eliminating iint-\u003emutex. (Dmitry Kasatkin)\n- cleanup of ima_appraise_measurement() (Dmitry Kasatkin)\n- changes as a result of the iint not allocated for all regular files, but\n  only for those measured/appraised.\n- don\u0027t try to appraise new/empty files\n- expanded ima_appraisal description in ima/Kconfig\n- IMA appraise definitions required even if IMA_APPRAISE not enabled\n- add return value to ima_must_appraise() stub\n- unconditionally set status \u003d INTEGRITY_PASS *after* testing status,\n  not before.  (Found by Joe Perches)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "20328b56cdf8fcc79f28c6c50ad8190fc0779e80",
      "tree": "e8c38d27456bda5b112f0edccf63757e7098d997",
      "parents": [
        "c5df39262dd59dbbffb1017fca0f1661408ac9d5"
      ],
      "author": {
        "name": "Kent Yoder",
        "email": "key@linux.vnet.ibm.com",
        "time": "Wed Aug 22 15:01:47 2012 -0500"
      },
      "committer": {
        "name": "Kent Yoder",
        "email": "key@linux.vnet.ibm.com",
        "time": "Wed Aug 22 16:23:23 2012 -0500"
      },
      "message": "ima: enable the IBM vTPM as the default TPM in the PPC64 case\n\nEnable tpm_ibmvtpm driver by default when IMA is enabled on PPC64\n\nSigned-off-by: Kent Yoder \u003ckey@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "417c6c8ee2eb6975f357d8975af94ba5fbeaf82d",
      "tree": "02af1e4363f415bfaa45c50a530cee78ecdf87b8",
      "parents": [
        "7ff2267af595e642f1009198ab49e86a239148fa"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:21 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 05 16:43:59 2012 -0400"
      },
      "message": "ima: audit is compiled only when enabled\n\nIMA auditing code was compiled even when CONFIG_AUDIT was not enabled.\nThis patch compiles auditing code only when possible and enabled.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "7ff2267af595e642f1009198ab49e86a239148fa",
      "tree": "bd9187795ee24b4a339593caff40ea677e706e17",
      "parents": [
        "8445d64dd761440fb5c73a2abba25009f4bf0e4c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:11 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 05 16:43:57 2012 -0400"
      },
      "message": "ima: ima_initialized is set only if successful\n\nSet ima_initialized only if initialization was successful.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "8445d64dd761440fb5c73a2abba25009f4bf0e4c",
      "tree": "1529319b3b3fed827a02b5b8fafcd367045d540c",
      "parents": [
        "c7de7adc18241a0eb10a6e1fed7cb1e01f53c85a"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:09 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 05 16:42:33 2012 -0400"
      },
      "message": "ima: add policy for pseudo fs\n\nExclude DEVPTS and BINFMT filesystems from the measurement policy.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "c7de7adc18241a0eb10a6e1fed7cb1e01f53c85a",
      "tree": "2b79a44399e29c7d20397ec5188b42528f8c90d5",
      "parents": [
        "0ea4f8ae416a9e8d15f4e20680879358f620e8b8"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:10 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 02 16:43:30 2012 -0400"
      },
      "message": "ima: remove unused cleanup functions\n\nIMA cannot be used as module and does not need __exit functions.\nRemoved them.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "0ea4f8ae416a9e8d15f4e20680879358f620e8b8",
      "tree": "68c03378249e4d3c543f5c6bf3833774a3c58adb",
      "parents": [
        "08e1b76ae399a010c0d0916b125d75aed6961d16"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Sun Jan 29 19:19:08 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 02 16:43:30 2012 -0400"
      },
      "message": "ima: free securityfs violations file\n\nOn ima_fs_init() error, free securityfs violations file.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "08e1b76ae399a010c0d0916b125d75aed6961d16",
      "tree": "88806da1802a75d3edbb46436bb509150177eb76",
      "parents": [
        "659b5e76521c10331495cbd9acb7217e38ff9750"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jun 20 09:32:55 2012 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 02 16:43:29 2012 -0400"
      },
      "message": "ima: use full pathnames in measurement list\n\nThe IMA measurement list contains filename hints, which can be\nambiguous without the full pathname.  This patch replaces the\nfilename hint with the full pathname, simplifying for userspace\nthe correlating of file hash measurements with files.\n\nChange log v1:\n- Revert to short filenames, when full pathname is longer than IMA\n  measurement buffer size. (Based on Dmitry\u0027s review)\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "fbbb456347b21279a379b42eeb31151c33d8dd49",
      "tree": "d1d5debe01e000fd38f2af8232d342a054b754a4",
      "parents": [
        "12fa8a2732e6d0bb42c311f76250f7871d042df8"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@us.ibm.com",
        "time": "Mon May 14 21:50:11 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed May 16 10:36:41 2012 +1000"
      },
      "message": "ima: fix filename hint to reflect script interpreter name\n\nWhen IMA was first upstreamed, the bprm filename and interp were\nalways the same.  Currently, the bprm-\u003efilename and bprm-\u003einterp\nare the same, except for when only bprm-\u003einterp contains the\ninterpreter name.  So instead of using the bprm-\u003efilename as\nthe IMA filename hint in the measurement list, we could replace\nit with bprm-\u003einterp, but this feels too fragile.\n\nThe following patch is not much better, but at least there is some\nindication that sometimes we\u0027re passing the filename and other times\nthe interpreter name.\n\nReported-by: Andrew Lunn \u003candrew@lunn.ch\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a69f15890292b5449f9056b4bb322b044e6ce0c6",
      "tree": "7a37f3826e958787ca7d78603c9031d29558f43f",
      "parents": [
        "28042fabf43b9a8ccfaa38f8c8187cc525e53fd3"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "rdunlap@xenotime.net",
        "time": "Fri Feb 24 11:28:05 2012 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 28 11:01:15 2012 +1100"
      },
      "message": "security: fix ima kconfig warning\n\nFix IMA kconfig warning on non-X86 architectures:\n\nwarning: (IMA) selects TCG_TIS which has unmet direct dependencies\n(TCG_TPM \u0026\u0026 X86)\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nAcked-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "b0d5de4d58803bbcce2b8175a8dd21c559a3abc1",
      "tree": "08213154dd13ab28eac64e9a87b3a8b7e5660381",
      "parents": [
        "bf06189e4d14641c0148bea16e9dd24943862215"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 14 17:11:07 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 16 12:01:42 2012 +1100"
      },
      "message": "IMA: fix audit res field to indicate 1 for success and 0 for failure\n\nThe audit res field usually indicates success with a 1 and 0 for a\nfailure.  So make IMA do it the same way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c",
      "tree": "2750d9fc94b8fb78d9982ea4a62d586e7f0a7862",
      "parents": [
        "2eb6038c51034bf7f9335b15ce9238a028fdd2d6",
        "4c2c392763a682354fac65b6a569adec4e4b5387"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 09 17:02:34 2012 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 09 17:02:34 2012 +1100"
      },
      "message": "Merge branch \u0027next-queue\u0027 into next\n"
    },
    {
      "commit": "4c2c392763a682354fac65b6a569adec4e4b5387",
      "tree": "490b840399ed1e010561f4b97018f3c0a3caf8b6",
      "parents": [
        "f4a0391dfa91155bd961673b31eb42d9d45c799d"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Oct 18 14:16:28 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 19 21:30:21 2012 -0500"
      },
      "message": "ima: policy for RAMFS\n\nDon\u0027t measure ramfs files.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "f4a0391dfa91155bd961673b31eb42d9d45c799d",
      "tree": "21186b7a48986afa47115cefaf9d385fb9f8dcf7",
      "parents": [
        "700920eb5ba4de5417b446c9a8bb008df2b973e0"
      ],
      "author": {
        "name": "Fabio Estevam",
        "email": "festevam@gmail.com",
        "time": "Thu Jan 05 12:49:54 2012 -0200"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 19 21:30:09 2012 -0500"
      },
      "message": "ima: fix Kconfig dependencies\n\nFix the following build warning:\nwarning: (IMA) selects TCG_TPM which has unmet direct dependencies\n(HAS_IOMEM \u0026\u0026 EXPERIMENTAL)\n\nSuggested-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: Fabio Estevam \u003cfabio.estevam@freescale.com\u003e\nSigned-off-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "3db59dd93309710c40aaf1571c607cb0feef3ecb",
      "tree": "6a224a855aad0e5207abae573456b2d2ec381f7c",
      "parents": [
        "4bf1924c008dffdc154f82507b4052e49263a6f4"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 17 22:11:28 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jan 19 15:59:11 2012 +1100"
      },
      "message": "ima: fix cred sparse warning\n\nFix ima_policy.c sparse \"warning: dereference of noderef expression\"\nmessage, by accessing cred-\u003euid using current_cred().\n\nChangelog v1:\n- Change __cred to just cred (based on David Howell\u0027s comment)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "a25a2b84098eb5e001cb8086603d692aa95bf2ec",
      "tree": "02c01b36251f7b0afb1a98093e14efb17d015910",
      "parents": [
        "f429ee3b808118591d1f3cdf3c0d0793911a5677",
        "f1be242c95257b199d8b679bc952ca33487c9af6"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jan 17 16:43:39 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jan 17 16:43:39 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n  integrity: digital signature config option name change\n  lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts\n  lib: MPILIB Kconfig description update\n  lib: digital signature dependency fix\n  lib: digital signature config option name change\n  encrypted-keys: fix rcu and sparse messages\n  keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages\n  KEYS: Add missing smp_rmb() primitives to the keyring search code\n  TOMOYO: Accept \\000 as a valid character.\n  security: update MAINTAINERS file with new git repo\n"
    },
    {
      "commit": "f1be242c95257b199d8b679bc952ca33487c9af6",
      "tree": "fa3a1057bbd9caedca959c1fa3811413bf101d7d",
      "parents": [
        "2e5f094b9dbf9463ab93f86351cd1a8dc88942cc"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Jan 17 17:12:07 2012 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 18 10:46:27 2012 +1100"
      },
      "message": "integrity: digital signature config option name change\n\nSimilar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5e8898e97a5db4125d944070922164d1d09a2689",
      "tree": "a5319fcc60499e63fecc7a08d923a1de8f9c7622",
      "parents": [
        "6ac6172a935d1faf7ef259802267657bc0007a62"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Jan 17 17:12:03 2012 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 18 10:46:21 2012 +1100"
      },
      "message": "lib: digital signature config option name change\n\nIt was reported that DIGSIG is confusing name for digital signature\nmodule. It was suggested to rename DIGSIG to SIGNATURE.\n\nRequested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSuggested-by: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "41fdc3054e23e3229edea27053522fe052d02ec2",
      "tree": "00bb62aef2288df07eae059f344d11d32b004f69",
      "parents": [
        "5afb8a3f96573f7ea018abb768f5b6ebe1a6c1a4"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Sat Jan 07 10:41:04 2012 -0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:03 2012 -0500"
      },
      "message": "audit: treat s_id as an untrusted string\n\nThe use of s_id should go through the untrusted string path, just to be\nextra careful.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8",
      "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161",
      "parents": [
        "805a6af8dba5dfdd35ec35dc52ec0122400b2610",
        "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 09 12:16:48 2012 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 09 12:16:48 2012 +1100"
      },
      "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "97426f985729573cea06e82e271cc3929f1f5f8e",
      "tree": "4aafe725018a95dc5c76ede5199d24aea524b060",
      "parents": [
        "d21b59451886cb82448302f8d6f9ac87c3bd56cf"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Dec 05 13:17:42 2011 +0200"
      },
      "committer": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Dec 20 17:50:08 2011 +0200"
      },
      "message": "evm: prevent racing during tfm allocation\n\nThere is a small chance of racing during tfm allocation.\nThis patch fixes it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d21b59451886cb82448302f8d6f9ac87c3bd56cf",
      "tree": "f2842dca9ee3c2c3febbe2f6984bb2c5e2a34c28",
      "parents": [
        "511585a28e5b5fd1cac61e601e42efc4c5dd64b5"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Dec 05 13:17:41 2011 +0200"
      },
      "committer": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Dec 20 17:45:45 2011 +0200"
      },
      "message": "evm: key must be set once during initialization\n\nOn multi-core systems, setting of the key before every calculation\ncauses invalid HMAC calculation for other tfm users, because internal\nstate (ipad, opad) can be invalid before set key call returns.\nIt needs to be set only once during initialization.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da",
      "tree": "af324024e68047b9fff7ddf49c3e8f8e6024792e",
      "parents": [
        "45fae7493970d7c45626ccd96d4a74f5f1eea5a9"
      ],
      "author": {
        "name": "Roberto Sassu",
        "email": "roberto.sassu@polito.it",
        "time": "Mon Dec 19 15:57:28 2011 +0100"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 19 22:07:54 2011 -0500"
      },
      "message": "ima: fix invalid memory reference\n\nDon\u0027t free a valid measurement entry on TPM PCR extend failure.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: stable@vger.kernel.org\n"
    },
    {
      "commit": "45fae7493970d7c45626ccd96d4a74f5f1eea5a9",
      "tree": "0c7bdd82bfcb4bd921a64abb441ca5c20c82a3df",
      "parents": [
        "114d6e9c103736487c967060d0a7aec9a7fce967"
      ],
      "author": {
        "name": "Roberto Sassu",
        "email": "roberto.sassu@polito.it",
        "time": "Mon Dec 19 15:57:27 2011 +0100"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 19 22:04:32 2011 -0500"
      },
      "message": "ima: free duplicate measurement memory\n\nInfo about new measurements are cached in the iint for performance.  When\nthe inode is flushed from cache, the associated iint is flushed as well.\nSubsequent access to the inode will cause the inode to be re-measured and\nwill attempt to add a duplicate entry to the measurement list.\n\nThis patch frees the duplicate measurement memory, fixing a memory leak.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: stable@vger.kernel.org\n"
    },
    {
      "commit": "143b01d33221e4937d3930e6bb2b63d70b7c7a65",
      "tree": "5cae452fecfd8b1fb6b0ae1f159929ada81d8b1f",
      "parents": [
        "88d7ed35085184f15a2af3d9e88d775059b2f307"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Dec 05 13:17:42 2011 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 08 10:06:12 2011 +1100"
      },
      "message": "evm: prevent racing during tfm allocation\n\nThere is a small chance of racing during tfm allocation.\nThis patch fixes it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "88d7ed35085184f15a2af3d9e88d775059b2f307",
      "tree": "f02d2530e0f665fea4c5b240404f7767d39f47bf",
      "parents": [
        "fe0e94c5a7e5335ba0d200e7d3e26e9f80cda4b1"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Dec 05 13:17:41 2011 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 08 10:06:09 2011 +1100"
      },
      "message": "evm: key must be set once during initialization\n\nOn multi-core systems, setting of the key before every calculation\ncauses invalid HMAC calculation for other tfm users, because internal\nstate (ipad, opad) can be invalid before set key call returns.\nIt needs to be set only once during initialization.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "de353533753e048b5c4658f0a42365937527ac45",
      "tree": "376ea9cb73de3691d4f907ad98f13f838742395e",
      "parents": [
        "4e2c5b28f8086cd2f678ade0ea21d8c3cc058c53"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Nov 21 17:31:15 2011 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 22 10:02:32 2011 +1100"
      },
      "message": "digsig: build dependency fix\n\nFix build errors by adding Kconfig dependency on KEYS.\nCRYPTO dependency removed.\n\n  CC      security/integrity/digsig.o\nsecurity/integrity/digsig.c: In function ?integrity_digsig_verify?:\nsecurity/integrity/digsig.c:38:4: error: implicit declaration of function ?request_key?\nsecurity/integrity/digsig.c:38:17: error: ?key_type_keyring? undeclared (first use in this function)\nsecurity/integrity/digsig.c:38:17: note: each undeclared identifier is reported only once for each function it appears in\nmake[2]: *** [security/integrity/digsig.o] Error 1\n\nReported-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "15647eb3985ef30dfd657038924dc85c03026733",
      "tree": "5d4629ef3b687ff56a446f42a8ee5aa35ec9322b",
      "parents": [
        "8607c501478432b23654739c7321bc7456053cb6"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 01 14:41:40 2011 +0300"
      },
      "committer": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Nov 09 16:51:14 2011 +0200"
      },
      "message": "evm: digital signature verification support\n\nThis patch adds support for digital signature verification to EVM.\nWith this feature file metadata can be protected using digital\nsignature instead of an HMAC. When building an image,\nwhich has to be flashed to different devices, an HMAC cannot\nbe used to sign file metadata, because the HMAC key should be\ndifferent on every device.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "8607c501478432b23654739c7321bc7456053cb6",
      "tree": "598ef1649a261954cb1cafc05189ddedb3bd3ff8",
      "parents": [
        "051dbb918c7fb7da8e64a2cd0d804ba73399709f"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Oct 05 11:54:46 2011 +0300"
      },
      "committer": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Nov 09 16:51:09 2011 +0200"
      },
      "message": "integrity: digital signature verification using multiple keyrings\n\nDefine separate keyrings for each of the different use cases - evm, ima,\nand modules. Using different keyrings improves search performance, and also\nallows \"locking\" specific keyring to prevent adding new keys.\nThis is useful for evm and module keyrings, when keys are usually only\nadded from initramfs.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "de0a5345a55b8dd5a4695181275df0e691176830",
      "tree": "17530e824f7f46ce0b1757657179fb5957a6add5",
      "parents": [
        "994c0e992522c123298b4a91b72f5e67ba2d1123",
        "8535639810e578960233ad39def3ac2157b0c3ec"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 02 09:45:39 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 02 09:45:39 2011 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://github.com/richardweinberger/linux\n\n* \u0027for-linus\u0027 of git://github.com/richardweinberger/linux: (90 commits)\n  um: fix ubd cow size\n  um: Fix kmalloc argument order in um/vdso/vma.c\n  um: switch to use of drivers/Kconfig\n  UserModeLinux-HOWTO.txt: fix a typo\n  UserModeLinux-HOWTO.txt: remove ^H characters\n  um: we need sys/user.h only on i386\n  um: merge delay_{32,64}.c\n  um: distribute exports to where exported stuff is defined\n  um: kill system-um.h\n  um: generic ftrace.h will do...\n  um: segment.h is x86-only and needed only there\n  um: asm/pda.h is not needed anymore\n  um: hw_irq.h can go generic as well\n  um: switch to generic-y\n  um: clean Kconfig up a bit\n  um: a couple of missing dependencies...\n  um: kill useless argument of free_chan() and free_one_chan()\n  um: unify ptrace_user.h\n  um: unify KSTK_...\n  um: fix gcov build breakage\n  ...\n"
    },
    {
      "commit": "3369465ed1a6a9aa9b885a6d7d8e074ecbd782da",
      "tree": "ac60be76e1d363caab63156c1390f1ab0c4ee96c",
      "parents": [
        "c039aff672a540f8976770e74599d350de1805cb"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Thu Aug 18 20:11:59 2011 +0100"
      },
      "committer": {
        "name": "Richard Weinberger",
        "email": "richard@nod.at",
        "time": "Wed Nov 02 14:15:41 2011 +0100"
      },
      "message": "um: switch to use of drivers/Kconfig\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Richard Weinberger \u003crichard@nod.at\u003e\n"
    },
    {
      "commit": "fb788d8b981fa55603873416882f8dcf835e7924",
      "tree": "023d8410571f27e8d10bf6fc0a4a088cb9368df6",
      "parents": [
        "566be59ab86c0e030b980645a580d683a015a483"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Aug 15 15:30:11 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 14 15:24:52 2011 -0400"
      },
      "message": "evm: clean verification status\n\nWhen allocating from slab, initialization is done the first time in\ninit_once() and subsequently on free.  Because evm_status was not\nre-initialized on free, evm_verify_hmac() skipped verifications.\n\nThis patch re-initializes evm_status.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "566be59ab86c0e030b980645a580d683a015a483",
      "tree": "c5d29c7db2f8ef93e970cb405621f59c57d01b94",
      "parents": [
        "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Aug 22 09:14:18 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 14 15:24:52 2011 -0400"
      },
      "message": "evm: permit mode bits to be updated\n\nBefore permitting \u0027security.evm\u0027 to be updated, \u0027security.evm\u0027 must\nexist and be valid.  In the case that there are no existing EVM protected\nxattrs, it is safe for posix acls to update the mode bits.\n\nTo differentiate between no \u0027security.evm\u0027 xattr and no xattrs used to\ncalculate \u0027security.evm\u0027, this patch defines INTEGRITY_NOXATTR.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa",
      "tree": "c6c5f39d43fe0d27bc1d3aedbd2f9b3ba2f8f537",
      "parents": [
        "a924ce0b35875ef9512135b46a32f4150fd700b2"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Aug 18 18:07:44 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 14 15:24:51 2011 -0400"
      },
      "message": "evm: posix acls modify i_mode\n\nThe posix xattr acls are \u0027system\u0027 prefixed, which normally would not\naffect security.evm.  An interesting side effect of writing posix xattr\nacls is their modifying of the i_mode, which is included in security.evm.\n\nThis patch updates security.evm when posix xattr acls are written.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "a924ce0b35875ef9512135b46a32f4150fd700b2",
      "tree": "0e01ac679790fe96c03b341b2670a2ed9c56a122",
      "parents": [
        "fb88c2b6cbb1265a8bef60694699b37f5cd4ba76"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Aug 11 01:22:30 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 14 15:24:51 2011 -0400"
      },
      "message": "evm: limit verifying current security.evm integrity\n\nevm_protect_xattr unnecessarily validates the current security.evm\nintegrity, before updating non-evm protected extended attributes\nand other file metadata. This patch limits validating the current\nsecurity.evm integrity to evm protected metadata.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "1d714057ef8f6348eba7b28ace6d307513e57cef",
      "tree": "a848b86df6257b347b6929f9ad09666105996003",
      "parents": [
        "982e617a313b57abee3bcfa53381c356d00fd64a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Aug 28 08:57:11 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 14 15:24:49 2011 -0400"
      },
      "message": "evm: remove TCG_TPM dependency\n\nAll tristates selected by EVM(boolean) are forced to be builtin, except\nin the TCG_TPM(tristate) dependency case. Arnaud Lacombe summarizes the\nKconfig bug as, \"So it would seem direct dependency state influence the\nstate of reverse dependencies..\"  For a detailed explanation, refer to\nArnaud Lacombe\u0027s posting http://lkml.org/lkml/2011/8/23/498.\n\nWith the \"encrypted-keys: remove trusted-keys dependency\" patch, EVM\ncan now be built without a dependency on TCG_TPM.  The trusted-keys\ndependency requires trusted-keys to either be builtin or not selected.\nThis dependency will prevent the boolean/tristate mismatch from\noccurring.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e,\n             Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "d5813a571876c72766f125b1c6e63414f6822c28",
      "tree": "fe688a7aa64fa890741e5a87800a3f95ddcaaee6",
      "parents": [
        "b97e14520207dccb5cdf93f322e571bf907df104"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 10:19:50 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 09 16:56:30 2011 -0700"
      },
      "message": "ima: sparse fix: include linux/ima.h in ima_main.c\n\nFixes sparse warnings:\nsecurity/integrity/ima/ima_main.c:105:6: warning: symbol \u0027ima_file_free\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:167:5: warning: symbol \u0027ima_file_mmap\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:192:5: warning: symbol \u0027ima_bprm_check\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:211:5: warning: symbol \u0027ima_file_check\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b97e14520207dccb5cdf93f322e571bf907df104",
      "tree": "1757e5541378136752d608ecde87e1c7251afbb0",
      "parents": [
        "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 10:18:30 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 09 16:56:29 2011 -0700"
      },
      "message": "ima: sparse fix: make ima_open_policy static\n\nFixes sparse warning:\nsecurity/integrity/ima/ima_fs.c:290:5: warning: symbol \u0027ima_open_policy\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4892722e06694fda1928bac4aa5af5505bd26a4c",
      "tree": "eaeeb90d98ad1ad35bf32c75a579d28a70b722e2",
      "parents": [
        "fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Aug 17 10:34:33 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 09 16:56:24 2011 -0700"
      },
      "message": "integrity: sparse fix: move iint_initialized to integrity.h\n\nSparse fix: move iint_initialized to integrity.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "dbe5ad17ec62fbd3be7789f9a5ab71d23da8acf0",
      "tree": "60e4ae2f8b5d66faac484f5774d22290a51c21e4",
      "parents": [
        "09f464bf0961aba3cd917d4939597bafb269fb95"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Aug 17 18:51:36 2011 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 18 12:58:12 2011 +1000"
      },
      "message": "evm: add Kconfig TCG_TPM dependency\n\nAlthough the EVM encrypted-key should be encrypted/decrypted using a\ntrusted-key, a user-defined key could be used instead. When using a user-\ndefined key, a TCG_TPM dependency should not be required.  Unfortunately,\nthe encrypted-key code needs to be refactored a bit in order to remove\nthis dependency.\n\nThis patch adds the TCG_TPM dependency.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e,\n\t     Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5a4730ba9517cf2793175991243436a24b1db18f",
      "tree": "2c9c26d4662a31c851aed525d4d032d08e54e297",
      "parents": [
        "e1c9b23adbe86c725738402857397d7a29f9d6ef"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Aug 11 00:22:52 2011 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Aug 11 17:42:41 2011 +1000"
      },
      "message": "evm: fix evm_inode_init_security return code\n\nevm_inode_init_security() should return 0, when EVM is not enabled.\n(Returning an error is a remnant of evm_inode_post_init_security.)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0b024d2446474c6a7c47573af5a35db83f557ce3",
      "tree": "56d1d380cd4f87581a0e276ee80cc52e438738b8",
      "parents": [
        "5a2f3a02aea164f4f59c0c3497772090a411b462"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 09 11:33:36 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 09 11:33:36 2011 +1000"
      },
      "message": "EVM: ensure trusted and encrypted key symbols are available to EVM\n\nSelect trusted and encrypted keys if EVM is selected, to ensure\nthe requisite symbols are available.  Otherwise, these can be\nselected as modules while EVM is static, leading to a kernel\nbuild failure.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5a2f3a02aea164f4f59c0c3497772090a411b462",
      "tree": "d3ebe03d4f97575290087843960baa01de3acd0a",
      "parents": [
        "1d568ab068c021672d6cd7f50f92a3695a921ffb",
        "817b54aa45db03437c6d09a7693fc6926eb8e822"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 09 10:31:03 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 09 10:31:03 2011 +1000"
      },
      "message": "Merge branch \u0027next-evm\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next\n\nConflicts:\n\tfs/attr.c\n\nResolve conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4b2a2c67415f1ab128f1d0b340fe6d13363335e5",
      "tree": "4553a90b12550980ac1dc40288458865e3eb186f",
      "parents": [
        "ed476418394f12d47f27a75424c237a94d244f10"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jul 26 04:30:35 2011 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jul 26 13:04:32 2011 -0400"
      },
      "message": "ima: fmode_t misspelled as mode_t...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "817b54aa45db03437c6d09a7693fc6926eb8e822",
      "tree": "03d43f3abfbd8670e3a30a33ef868ec7705ef2c4",
      "parents": [
        "7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri May 13 12:53:38 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:50 2011 -0400"
      },
      "message": "evm: add evm_inode_setattr to prevent updating an invalid security.evm\n\nPermit changing of security.evm only when valid, unless in fixmode.\n\nReported-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac",
      "tree": "1de4ac95b25e6bebab103e4377047c8f76038dac",
      "parents": [
        "24e0198efe0df50034ec1c14b2d7b5bb0f66d54a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu May 12 18:33:20 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:49 2011 -0400"
      },
      "message": "evm: permit only valid security.evm xattrs to be updated\n\nIn addition to requiring CAP_SYS_ADMIN permission to modify/delete\nsecurity.evm, prohibit invalid security.evm xattrs from changing,\nunless in fixmode. This patch prevents inadvertent \u0027fixing\u0027 of\nsecurity.evm to reflect offline modifications.\n\nChangelog v7:\n- rename boot parameter \u0027evm_mode\u0027 to \u0027evm\u0027\n\nReported-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "24e0198efe0df50034ec1c14b2d7b5bb0f66d54a",
      "tree": "64f7d23cd7b07dabe826c2a6ed37f7c1842816b2",
      "parents": [
        "6d38ca01c0c2d6c2e46ec1984db9ada6bad6ca26"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@nokia.com",
        "time": "Fri May 06 11:34:17 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:48 2011 -0400"
      },
      "message": "evm: replace hmac_status with evm_status\n\nWe will use digital signatures in addition to hmac.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "6d38ca01c0c2d6c2e46ec1984db9ada6bad6ca26",
      "tree": "6084a84cd87d18c261d62dc816d48335ce602447",
      "parents": [
        "2960e6cb5f7c662b8edb6b0d2edc72095b4f5672"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@nokia.com",
        "time": "Fri May 06 11:34:14 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:48 2011 -0400"
      },
      "message": "evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN\n\nIf EVM is not supported or enabled, evm_verify_hmac() returns\nINTEGRITY_UNKNOWN, which ima_appraise_measurement() ignores and sets\nthe appraisal status based solely on the security.ima verification.\n\nevm_verify_hmac() also returns INTEGRITY_UNKNOWN for other failures, such\nas temporary failures like -ENOMEM, resulting in possible attack vectors.\nThis patch changes the default return code for temporary/unexpected\nfailures, like -ENOMEM, from INTEGRITY_UNKNOWN to INTEGRITY_FAIL, making\nevm_verify_hmac() fail safe.\n\nAs a result, failures need to be re-evaluated in order to catch both\ntemporary errors, such as the -ENOMEM, as well as errors that have been\nresolved in fix mode.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "2960e6cb5f7c662b8edb6b0d2edc72095b4f5672",
      "tree": "84e8c3378312243087089a669e4209f43d531b37",
      "parents": [
        "d46eb3699502ba221e81e88e6c6594e2a7818532"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@nokia.com",
        "time": "Fri May 06 11:34:13 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:47 2011 -0400"
      },
      "message": "evm: additional parameter to pass integrity cache entry \u0027iint\u0027\n\nAdditional iint parameter allows to skip lookup in the cache.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "d46eb3699502ba221e81e88e6c6594e2a7818532",
      "tree": "4761b63f12ded9ad53e3019c33d62d173b4b07da",
      "parents": [
        "823eb1ccd0b310449e99c822412ea8208334d14c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@nokia.com",
        "time": "Wed Mar 09 15:07:36 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:46 2011 -0400"
      },
      "message": "evm: crypto hash replaced by shash\n\nUsing shash is more efficient, because the algorithm is allocated only\nonce. Only the descriptor to store the hash state needs to be allocated\nfor every operation.\n\nChangelog v6:\n- check for crypto_shash_setkey failure\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "cb72318069d5e92eb74840118732c66eb38c812f",
      "tree": "eb4e9a6c923567e01ddd1340f9430eb3c43f4aeb",
      "parents": [
        "975d294373d8c1c913ad2bf4eb93966d4c7ca38f"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 14:40:44 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:45 2011 -0400"
      },
      "message": "evm: add evm_inode_init_security to initialize new files\n\nInitialize \u0027security.evm\u0027 for new files.\n\nChangelog v7:\n- renamed evm_inode_post_init_security to evm_inode_init_security\n- moved struct xattr definition to earlier patch\n- allocate xattr name\nChangelog v6:\n- Use \u0027struct evm_ima_xattr_data\u0027\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "3e1be52d6c6b21d9080dd886c0e609e009831562",
      "tree": "2947250698b89eed0149af2d69a33b303c4d6be4",
      "parents": [
        "6be5cc5246f807fd8ede9f5f1bb2826f2c598658"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 14:38:26 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:42 2011 -0400"
      },
      "message": "security: imbed evm calls in security hooks\n\nImbed the evm calls evm_inode_setxattr(), evm_inode_post_setxattr(),\nevm_inode_removexattr() in the security hooks.  evm_inode_setxattr()\nprotects security.evm xattr.  evm_inode_post_setxattr() and\nevm_inode_removexattr() updates the hmac associated with an inode.\n\n(Assumes an LSM module protects the setting/removing of xattr.)\n\nChangelog:\n  - Don\u0027t define evm_verifyxattr(), unless CONFIG_INTEGRITY is enabled.\n  - xattr_name is a \u0027const\u0027, value is \u0027void *\u0027\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@ubuntu.com\u003e\n"
    },
    {
      "commit": "6be5cc5246f807fd8ede9f5f1bb2826f2c598658",
      "tree": "00fc342eb91fb50df4e8eddfe2a7294b27df8117",
      "parents": [
        "66dbc325afcef909043c30e90930a36823fc734c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@nokia.com",
        "time": "Wed Mar 09 14:28:20 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:41 2011 -0400"
      },
      "message": "evm: add support for different security.evm data types\n\nEVM protects a file\u0027s security extended attributes (xattrs) against integrity\nattacks. The current patchset maintains an HMAC-sha1 value across the security\nxattrs, storing the value as the extended attribute \u0027security.evm\u0027. We\nanticipate other methods for protecting the security extended attributes.\nThis patch reserves the first byte of \u0027security.evm\u0027 as a place holder for\nthe type of method.\n\nChangelog v6:\n- move evm_ima_xattr_type definition to security/integrity/integrity.h\n- defined a structure for the EVM xattr called evm_ima_xattr_data\n  (based on Serge Hallyn\u0027s suggestion)\n- removed unnecessary memset\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\n"
    },
    {
      "commit": "66dbc325afcef909043c30e90930a36823fc734c",
      "tree": "5c8a7fe063a058f4266c6db5e48229e8c04dd00e",
      "parents": [
        "1601fbad2b14e0b8d4dbb55e749bfe31e972818a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Mar 15 16:12:09 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:40 2011 -0400"
      },
      "message": "evm: re-release\n\nEVM protects a file\u0027s security extended attributes (xattrs) against integrity\nattacks.  This patchset provides the framework and an initial method.  The\ninitial method maintains an HMAC-sha1 value across the security extended\nattributes, storing the HMAC value as the extended attribute \u0027security.evm\u0027.\nOther methods of validating the integrity of a file\u0027s metadata will be posted\nseparately (eg. EVM-digital-signatures).\n\nWhile this patchset does authenticate the security xattrs, and\ncryptographically binds them to the inode, coming extensions will bind other\ndirectory and inode metadata for more complete protection.  To help simplify\nthe review and upstreaming process, each extension will be posted separately\n(eg. IMA-appraisal, IMA-appraisal-directory).  For a general overview of the\nproposed Linux integrity subsystem, refer to Dave Safford\u0027s whitepaper:\nhttp://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf.\n\nEVM depends on the Kernel Key Retention System to provide it with a\ntrusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the\nroot\u0027s keyring using keyctl.  Until EVM receives notification that the key has\nbeen successfully loaded onto the keyring (echo 1 \u003e \u003csecurityfs\u003e/evm), EVM can\nnot create or validate the \u0027security.evm\u0027 xattr, but returns INTEGRITY_UNKNOWN.\nLoading the key and signaling EVM should be done as early as possible. Normally\nthis is done in the initramfs, which has already been measured as part of the\ntrusted boot.  For more information on creating and loading existing\ntrusted/encrypted keys, refer to Documentation/keys-trusted-encrypted.txt.  A\nsample dracut patch, which loads the trusted/encrypted key and enables EVM, is\navailable from http://linux-ima.sourceforge.net/#EVM.\n\nBased on the LSMs enabled, the set of EVM protected security xattrs is defined\nat compile.  EVM adds the following three calls to the existing security hooks:\nevm_inode_setxattr(), evm_inode_post_setxattr(), and evm_inode_removexattr.  To\ninitialize and update the \u0027security.evm\u0027 extended attribute, EVM defines three\ncalls: evm_inode_post_init(), evm_inode_post_setattr() and\nevm_inode_post_removexattr() hooks.  To verify the integrity of a security\nxattr, EVM exports evm_verifyxattr().\n\nChangelog v7:\n- Fixed URL in EVM ABI documentation\n\nChangelog v6: (based on Serge Hallyn\u0027s review)\n- fix URL in patch description\n- remove evm_hmac_size definition\n- use SHA1_DIGEST_SIZE (removed both MAX_DIGEST_SIZE and evm_hmac_size)\n- moved linux include before other includes\n- test for crypto_hash_setkey failure\n- fail earlier for invalid key\n- clear entire encrypted key, even on failure\n- check xattr name length before comparing xattr names\n\nChangelog:\n- locking based on i_mutex, remove evm_mutex\n- using trusted/encrypted keys for storing the EVM key used in the HMAC-sha1\n  operation.\n- replaced crypto hash with shash (Dmitry Kasatkin)\n- support for additional methods of verifying the security xattrs\n  (Dmitry Kasatkin)\n- iint not allocated for all regular files, but only for those appraised\n- Use cap_sys_admin in lieu of cap_mac_admin\n- Use __vfs_setxattr_noperm(), without permission checks, from EVM\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\n"
    },
    {
      "commit": "f381c272224f5f158f5cff64f8f3481fa0eee8b3",
      "tree": "a003dc4c6635c9d2fa90f31577ba5e7ea7bc71b1",
      "parents": [
        "9d8f13ba3f4833219e50767b022b82cd0da930eb"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 14:13:22 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:38 2011 -0400"
      },
      "message": "integrity: move ima inode integrity data management\n\nMove the inode integrity data (iint) management up to the integrity directory\nin order to share the iint among the different integrity models.\n\nChangelog:\n- don\u0027t define MAX_DIGEST_SIZE\n- rename several globally visible \u0027ima_\u0027 prefixed functions, structs,\n  locks, etc to \u0027integrity_\u0027\n- replace \u002720\u0027 with SHA1_DIGEST_SIZE\n- reflect location change in appropriate Kconfig and Makefiles\n- remove unnecessary initialization of iint_initialized to 0\n- rebased on current ima_iint.c\n- define integrity_iint_store/lock as static\n\nThere should be no other functional changes.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@ubuntu.com\u003e\n"
    },
    {
      "commit": "1adace9bb04a5f4a4dea9e642089102661bb0ceb",
      "tree": "2396099935c50d838899a01da1438b8a441619de",
      "parents": [
        "854fdd55bfdd56cfc61bd30f2062a9268fcebba6"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Feb 22 10:19:43 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 23 16:38:52 2011 -0500"
      },
      "message": "ima: remove unnecessary call to ima_must_measure\n\nThe original ima_must_measure() function based its results on cached\niint information, which required an iint be allocated for all files.\nCurrently, an iint is allocated only for files in policy.  As a result,\nfor those files in policy, ima_must_measure() is now called twice: once\nto determine if the inode is in the measurement policy and, the second\ntime, to determine if it needs to be measured/re-measured.\n\nThe second call to ima_must_measure() unnecessarily checks to see if\nthe file is in policy. As we already know the file is in policy, this\npatch removes the second unnecessary call to ima_must_measure(), removes\nthe vestige iint parameter, and just checks the iint directly to determine\nif the inode has been measured or needs to be measured/re-measured.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "854fdd55bfdd56cfc61bd30f2062a9268fcebba6",
      "tree": "139af793bf7395002e6e68978b603d47f28f7dc2",
      "parents": [
        "890275b5eb79e9933d12290473eab9ac38da0051"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:14:22 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:44 2011 -0500"
      },
      "message": "IMA: remove IMA imbalance checking\n\nNow that i_readcount is maintained by the VFS layer, remove the\nimbalance checking in IMA. Cleans up the IMA code nicely.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "890275b5eb79e9933d12290473eab9ac38da0051",
      "tree": "8fa529a6fdfa7647ed4e14287658b71df8636ddd",
      "parents": [
        "a5c96ebf1d71df0c5fb77ab58c9aeb307cf02372"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:13:07 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:44 2011 -0500"
      },
      "message": "IMA: maintain i_readcount in the VFS layer\n\nima_counts_get() updated the readcount and invalidated the PCR,\nas necessary. Only update the i_readcount in the VFS layer.\nMove the PCR invalidation checks to ima_file_check(), where it\nbelongs.\n\nMaintaining the i_readcount in the VFS layer, will allow other\nsubsystems to use i_readcount.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "a68a27b6f2354273bacc39c3dd06456edb202230",
      "tree": "d73396dab134842ecd1e86d665718e75012e7e78",
      "parents": [
        "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:10:56 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:43 2011 -0500"
      },
      "message": "IMA: convert i_readcount to atomic\n\nConvert the inode\u0027s i_readcount from an unsigned int to atomic.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    }
  ],
  "next": "867c20265459d30a01b021a9c1e81fb4c5832aa9"
}
