AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
9e67028e76
kernel_optimize_test/security/integrity
History
Mimi Zohar 9e67028e76 ima: fail signature verification based on policy 
This patch addresses the fuse privileged mounted filesystems in
environments which are unwilling to accept the risk of trusting the
signature verification and want to always fail safe, but are for example
using a pre-built kernel.

This patch defines a new builtin policy named "fail_securely", which can
be specified on the boot command line as an argument to "ima_policy=".

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-03-23 06:31:37 -04:00
..
evm EVM: Add support for portable signature format 2017-12-11 17:20:39 -05:00
ima ima: fail signature verification based on policy 2018-03-23 06:31:37 -04:00
digsig_asymmetric.c integrity: Small code improvements 2017-06-21 14:37:12 -04:00
digsig.c integrity/security: fix digsig.c build error with header file 2018-02-22 20:09:08 -08:00
iint.c IMA: Support using new creds in appraisal policy 2018-03-23 06:31:11 -04:00
integrity_audit.c
integrity.h ima: fail signature verification based on policy 2018-03-23 06:31:37 -04:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00