Mimi Zohar bb7f9e5c38 evm: prohibit userspace writing 'security.evm' HMAC value ...

commit 2fb1c9a4f2 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2014-06-26 15:12:37 -04:00

..

apparmor

new helper: file_inode(file)

2013-02-22 23:31:31 -05:00

integrity

evm: prohibit userspace writing 'security.evm' HMAC value

2014-06-26 15:12:37 -04:00

keys

aio: don't include aio.h in sched.h

2013-05-07 20:16:25 -07:00

selinux

selinux: correctly label /proc inodes in use before the policy is loaded

2014-04-14 06:42:14 -07:00

smack

Smack: include magic.h in smackfs.c

2013-04-03 13:13:51 +11:00

tomoyo

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2013-05-01 17:51:54 -07:00

yama

yama: Better permission check for ptraceme

2013-03-26 13:17:58 -07:00

capability.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2013-04-30 16:27:51 -07:00

commoncap.c

kill f_vfsmnt

2013-02-26 02:46:10 -05:00

device_cgroup.c

devcg: remove parent_cgroup.

2013-04-18 11:34:35 -07:00

inode.c

securityfs: fix object creation races

2012-01-10 10:20:35 -05:00

Kconfig

KEYS: Move the key config into security/keys/Kconfig

2012-05-11 10:56:56 +01:00

lsm_audit.c

LSM: BUILD_BUG_ON if the common_audit_data union ever grows

2012-04-09 12:23:03 -04:00

Makefile

security: Yama LSM

2012-02-10 09:18:52 +11:00

min_addr.c

…

security.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2013-04-30 16:27:51 -07:00