evm: permit only valid security.evm xattrs to be updated - linux

diff options

author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-05-13 00:33:20 +0200
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-07-18 18:29:49 +0200
commit	7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac (patch)
tree	1de4ac95b25e6bebab103e4377047c8f76038dac /security/security.c
parent	evm: replace hmac_status with evm_status (diff)
download	linux-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.tar.xz linux-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.zip

evm: permit only valid security.evm xattrs to be updated

In addition to requiring CAP_SYS_ADMIN permission to modify/delete security.evm, prohibit invalid security.evm xattrs from changing, unless in fixmode. This patch prevents inadvertent 'fixing' of security.evm to reflect offline modifications. Changelog v7: - rename boot paramater 'evm_mode' to 'evm' Reported-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>

Diffstat (limited to 'security/security.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: