evm: permit only valid security.evm xattrs to be updated - wireguard-linux

diff options

author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-05-12 18:33:20 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-07-18 12:29:49 -0400
commit	7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac (patch)
tree	1de4ac95b25e6bebab103e4377047c8f76038dac /include/linux/evm.h
parent	evm: replace hmac_status with evm_status (diff)
download	wireguard-linux-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.tar.xz wireguard-linux-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.zip

evm: permit only valid security.evm xattrs to be updated

In addition to requiring CAP_SYS_ADMIN permission to modify/delete security.evm, prohibit invalid security.evm xattrs from changing, unless in fixmode. This patch prevents inadvertent 'fixing' of security.evm to reflect offline modifications. Changelog v7: - rename boot paramater 'evm_mode' to 'evm' Reported-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>

Diffstat (limited to 'include/linux/evm.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: