kernel_optimize_test/security
Stefan Berger 8027ba480c ima: Do not print policy rule with inactive LSM labels
commit 89677197ae709eb1ab3646952c44f6a171c9e74c upstream.

Before printing a policy rule scan for inactive LSM labels in the policy
rule. Inactive LSM labels are identified by args_p != NULL and
rule == NULL.

Fixes: 483ec26eed ("ima: ima/lsm policy rule loading logic bug fixes")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: <stable@vger.kernel.org> # v5.6+
Acked-by: Christian Brauner <brauner@kernel.org>
[zohar@linux.ibm.com: Updated "Fixes" tag]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-16 12:54:16 +01:00
..
apparmor apparmor: fix error check 2021-11-18 14:04:22 +01:00
bpf bpf: Implement bpf_local_storage for inodes 2020-08-25 15:00:04 -07:00
integrity ima: Do not print policy rule with inactive LSM labels 2022-02-16 12:54:16 +01:00
keys KEYS: trusted: Fix memory leak on object td 2021-05-19 10:12:50 +02:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown
safesetid LSM: SafeSetID: Fix warnings reported by test bot 2020-10-13 09:17:36 -07:00
selinux selinux: fix double free of cond_list on error paths 2022-02-08 18:30:34 +01:00
smack smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-18 14:04:10 +01:00
tomoyo tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2022-01-05 12:40:29 +01:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c security: commoncap: fix -Wstringop-overread warning 2021-05-11 14:47:36 +02:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:46:35 +01:00
Kconfig.hardening
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:27:29 +01:00
Makefile
min_addr.c
security.c binder: use cred instead of task for selinux checks 2021-11-18 14:03:36 +01:00