author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-05-11 00:05:23 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-06-12 17:58:07 -0400 |
commit | 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 (patch) | |
tree | e4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6 /security/integrity/ima/ima_crypto.c | |
parent | ima: check inode integrity cache in violation check (diff) | |

evm: prohibit userspace writing 'security.evm' HMAC value

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key. Only the kernel should have access to it. This
patch prevents userspace tools (e.g. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>

Diffstat (limited to 'security/integrity/ima/ima_crypto.c')
0 files changed, 0 insertions, 0 deletions