p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
linux_old1/security/integrity
History
Mimi Zohar 57b56ac6fe ima: fail file signature verification on non-init mounted filesystems 
FUSE can be mounted by unprivileged users either today with fusermount
installed with setuid, or soon with the upcoming patches to allow FUSE
mounts in a non-init user namespace.

This patch addresses the new unprivileged non-init mounted filesystems,
which are untrusted, by failing the signature verification.

This patch defines two new flags SB_I_IMA_UNVERIFIABLE_SIGNATURE and
SB_I_UNTRUSTED_MOUNTER.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
 		2018-03-23 06:31:37 -04:00
..
evm EVM: Add support for portable signature format 2017-12-11 17:20:39 -05:00
ima ima: fail file signature verification on non-init mounted filesystems 2018-03-23 06:31:37 -04:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
digsig.c integrity/security: fix digsig.c build error with header file 2018-02-22 20:09:08 -08:00
digsig_asymmetric.c integrity: Small code improvements 2017-06-21 14:37:12 -04:00
iint.c IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
integrity.h IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00