diff options
| author |   Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-16 11:06:07 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-16 11:06:07 -0800 |
| commit | e20a9b92ddbfe662807622dbb28e1fbb6e0011aa (patch) | |
| tree | df1a16ed9cdd8ed83aacfa01f0f3498bf156c12d /security/smack | |
| parent | Merge tag 'selinux-pr-20201214' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux (diff) | |
| parent | ima: Don't modify file descriptor mode on the fly (diff) | |
| download | linux-dev-e20a9b92ddbfe662807622dbb28e1fbb6e0011aa.tar.xz linux-dev-e20a9b92ddbfe662807622dbb28e1fbb6e0011aa.zip | |
Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar:
"Just three patches here. Other integrity changes are being upstreamed
via EFI (defines a common EFI secure and trusted boot IMA policy) and
BPF LSM (exporting the IMA file cache hash info based on inode).
The three patches included here:
- bug fix: fail calculating the file hash, when a file not opened for
read and the attempt to re-open it for read fails.
- defer processing the "ima_appraise" boot command line option to
avoid enabling different modes (e.g. fix, log) to when the secure
boot flag is available on arm.
- defines "ima-buf" as the default IMA buffer measurement template in
preparation for the builtin integrity "critical data" policy"
* tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: Don't modify file descriptor mode on the fly
ima: select ima-buf template for buffer measurement
ima: defer arch_ima_get_secureboot() call to IMA init time
Diffstat (limited to 'security/smack')
0 files changed, 0 insertions, 0 deletions