• Linus Torvalds's avatar
    Merge branch 'next-integrity' of... · f8cf2f16
    Linus Torvalds authored
    Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
    
    Pull integrity updates from James Morris:
     "A mixture of bug fixes, code cleanup, and continues to close
      IMA-measurement, IMA-appraisal, and IMA-audit gaps.
    
      Also note the addition of a new cred_getsecid LSM hook by Matthew
      Garrett:
    
         For IMA purposes, we want to be able to obtain the prepared secid
         in the bprm structure before the credentials are committed. Add a
         cred_getsecid hook that makes this possible.
    
      which is used by a new CREDS_CHECK target in IMA:
    
         In ima_bprm_check(), check with both the existing process
         credentials and the credentials that will be committed when the new
         process is started. This will not change behaviour unless the
         system policy is extended to include CREDS_CHECK targets -
         BPRM_CHECK will continue to check the same credentials that it did
         previously"
    
    * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
      ima: Fallback to the builtin hash algorithm
      ima: Add smackfs to the default appraise/measure list
      evm: check for remount ro in progress before writing
      ima: Improvements in ima_appraise_measurement()
      ima: Simplify ima_eventsig_init()
      integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
      ima: drop vla in ima_audit_measurement()
      ima: Fix Kconfig to select TPM 2.0 CRB interface
      evm: Constify *integrity_status_msg[]
      evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
      fuse: define the filesystem as untrusted
      ima: fail signature verification based on policy
      ima: clear IMA_HASH
      ima: re-evaluate files on privileged mounted filesystems
      ima: fail file signature verification on non-init mounted filesystems
      IMA: Support using new creds in appraisal policy
      security: Add a cred_getsecid hook
    f8cf2f16
Name
Last commit
Last update
Documentation Loading commit data...
LICENSES Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...