Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 57b56ac6fecb05c3192586e4892572dd13d972de
commit57b56ac6fecb05c3192586e4892572dd13d972de[log] [tgz]
authorMimi Zohar <zohar@linux.vnet.ibm.com>Wed Feb 21 11:33:37 2018 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>Fri Mar 23 06:31:37 2018 -0400
tree125efeee62e9ec9a3fc99a761151569cdba7e26c
parentd906c10d8a31654cb9167c9a2ebc7d3e43820bad [diff]
ima: fail file signature verification on non-init mounted filesystems

FUSE can be mounted by unprivileged users either today with fusermount
installed with setuid, or soon with the upcoming patches to allow FUSE
mounts in a non-init user namespace.

This patch addresses the new unprivileged non-init mounted filesystems,
which are untrusted, by failing the signature verification.

This patch defines two new flags SB_I_IMA_UNVERIFIABLE_SIGNATURE and
SB_I_UNTRUSTED_MOUNTER.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2 files changed
tree: 125efeee62e9ec9a3fc99a761151569cdba7e26c
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README