evm: Implement per signature type decision in security_inode_copy_up_xattr - linux

diff options

author	Stefan Berger <stefanb@linux.ibm.com>	2024-02-23 18:25:06 +0100
committer	Mimi Zohar <zohar@linux.ibm.com>	2024-04-09 23:14:57 +0200
commit	f2b3fc42f6ce19524d8ecaf9f878456ed8c50914 (patch)
tree	1233c3acc4d22f7621f4cd577716932ac0f99c5d /security/integrity/evm/evm_crypto.c
parent	security: allow finer granularity in permitting copy-up of security xattrs (diff)
download	linux-f2b3fc42f6ce19524d8ecaf9f878456ed8c50914.tar.xz linux-f2b3fc42f6ce19524d8ecaf9f878456ed8c50914.zip

evm: Implement per signature type decision in security_inode_copy_up_xattr

To support "portable and immutable signatures" on otherwise unsupported filesystems, determine the EVM signature type by the content of a file's xattr. If the file has the appropriate signature type then allow it to be copied up. All other signature types are discarded as before. "Portable and immutable" EVM signatures can be copied up by stacked file- system since the metadata their signature covers does not include file- system-specific data such as a file's inode number, generation, and UUID. Co-developed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: