diff options
author | Roberto Sassu <roberto.sassu@huawei.com> | 2021-05-14 17:27:47 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-05-21 18:48:39 +0200 |
commit | cdef685be5b4ae55c3959289e72d520402839c29 (patch) | |
tree | 9fafacdad2075d1f7e0da5cac4fa9b6c144230b5 /security/security.c | |
parent | evm: Introduce evm_hmac_disabled() to safely ignore verification errors (diff) | |
download | linux-cdef685be5b4ae55c3959289e72d520402839c29.tar.xz linux-cdef685be5b4ae55c3959289e72d520402839c29.zip |
evm: Allow xattr/attr operations for portable signatures
If files with portable signatures are copied from one location to another
or are extracted from an archive, verification can temporarily fail until
all xattrs/attrs are set in the destination. Only portable signatures may
be moved or copied from one file to another, as they don't depend on
system-specific information such as the inode generation. Instead portable
signatures must include security.ima.
Unlike other security.evm types, EVM portable signatures are also
immutable. Thus, it wouldn't be a problem to allow xattr/attr operations
when verification fails, as portable signatures will never be replaced with
the HMAC on possibly corrupted xattrs/attrs.
This patch first introduces a new integrity status called
INTEGRITY_FAIL_IMMUTABLE, that allows callers of
evm_verify_current_integrity() to detect that a portable signature didn't
pass verification and then adds an exception in evm_protect_xattr() and
evm_inode_setattr() for this status and returns 0 instead of -EPERM.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/security.c')
0 files changed, 0 insertions, 0 deletions