    Merge branch 'next-integrity' of... · f8cf2f16
    Linus Torvalds authored
    Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
    
    Pull integrity updates from James Morris:
     "A mixture of bug fixes, code cleanup, and continues to close
      IMA-measurement, IMA-appraisal, and IMA-audit gaps.
    
      Also note the addition of a new cred_getsecid LSM hook by Matthew
      Garrett:
    
         For IMA purposes, we want to be able to obtain the prepared secid
         in the bprm structure before the credentials are committed. Add a
         cred_getsecid hook that makes this possible.
    
      which is used by a new CREDS_CHECK target in IMA:
    
         In ima_bprm_check(), check with both the existing process
         credentials and the credentials that will be committed when the new
         process is started. This will not change behaviour unless the
         system policy is extended to include CREDS_CHECK targets -
         BPRM_CHECK will continue to check the same credentials that it did
         previously"
    
    * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
      ima: Fallback to the builtin hash algorithm
      ima: Add smackfs to the default appraise/measure list
      evm: check for remount ro in progress before writing
      ima: Improvements in ima_appraise_measurement()
      ima: Simplify ima_eventsig_init()
      integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
      ima: drop vla in ima_audit_measurement()
      ima: Fix Kconfig to select TPM 2.0 CRB interface
      evm: Constify *integrity_status_msg[]
      evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
      fuse: define the filesystem as untrusted
      ima: fail signature verification based on policy
      ima: clear IMA_HASH
      ima: re-evaluate files on privileged mounted filesystems
      ima: fail file signature verification on non-init mounted filesystems
      IMA: Support using new creds in appraisal policy
      security: Add a cred_getsecid hook
Name
ABI
EDID
PCI
RCU
accelerators
accounting
acpi
admin-guide
aoe
arm
arm64
auxdisplay
backlight
block
blockdev
bpf
bus-devices
cdrom
cgroup-v1
cma
connector
console
core-api
cpu-freq
cpuidle
crypto
dev-tools
device-mapper
devicetree
doc-guide
driver-api
driver-model
early-userspace
extcon
fault-injection
fb
features
filesystems
firmware_class
fmc
fpga
gpio
gpu
hid
hwmon
i2c
ia64
ide
iio
infiniband
input
ioctl
isdn
kbuild
kdump
kernel-hacking
laptops
leds
lightnvm
livepatch
locking
m68k
maintainer
md
media
memory-devices
mic
mips
misc-devices
mmc
mtd
namespaces
netlabel
networking
nfc
nios2
nvdimm
nvmem
openrisc
parisc
pcmcia
perf
phy
platform
power
powerpc
pps
process
pti
ptp
rapidio
s390
scheduler
scsi
security
serial
sh
sound
sparc
sphinx
sphinx-static
spi
sysctl
target
thermal
timers
trace
translations
usb
userspace-api
virtual
vm
w1
watchdog
wimax
x86
xtensa
.gitignore
00-INDEX
Changes
CodingStyle
DMA-API-HOWTO.txt
DMA-API.txt
DMA-ISA-LPC.txt
DMA-attributes.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
Intel-IOMMU.txt
Makefile
SAK.txt
SM501.txt
SubmittingPatches
atomic_bitops.txt
atomic_t.txt
bcache.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt
circular-buffers.txt
clearing-warn-once.txt
clk.txt
conf.py
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
digsig.txt
docutils.conf
dontdiff
efi-stub.txt
eisa.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcc-plugins.txt
highuid.txt
hw_random.txt
hwspinlock.txt
index.rst
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
irqflags-tracing.txt
isa.txt
isapnp.txt
kernel-per-CPU-kthreads.txt
kobject.txt
kprobes.txt
kref.txt
ldm.txt
lockup-watchdogs.txt
logo.gif
logo.txt
lsm.txt
lzo.txt
mailbox.txt
memory-barriers.txt
memory-hotplug.txt
men-chameleon-bus.txt
nommu-mmap.txt
ntb.txt
numastat.txt
padata.txt
parport-lowlevel.txt
percpu-rw-semaphore.txt
phy.txt
pi-futex.txt
pnp.txt
preempt-locking.txt
pwm.txt
rbtree.txt
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rtc.txt
sgi-ioc4.txt
siphash.txt
smsc_ece1099.txt
speculation.txt
static-keys.txt
svga.txt
switchtec.txt
sync_file.txt
tee.txt
this_cpu_ops.txt
unaligned-memory-access.txt
vfio-mediated-device.txt
vfio.txt
video-output.txt
xillybus.txt
xz.txt
zorro.txt