Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / d77ccdc644a59b412d8e101576134c90a0aa6797
commitd77ccdc644a59b412d8e101576134c90a0aa6797[log] [tgz]
authorMimi Zohar <zohar@linux.vnet.ibm.com>Wed Feb 21 11:35:20 2018 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>Fri Mar 23 06:31:37 2018 -0400
tree80fa2cc61e12a5b5e5647ed29aa31eab9254a037
parent57b56ac6fecb05c3192586e4892572dd13d972de [diff]
ima: re-evaluate files on privileged mounted filesystems

This patch addresses the fuse privileged mounted filesystems in a "secure"
environment, with a correctly enforced security policy, which is willing
to assume the inherent risk of specific fuse filesystems that are well
defined and properly implemented.

As there is no way for the kernel to detect file changes, the kernel
ignores the cached file integrity results and re-measures, re-appraises,
and re-audits the file.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
1 file changed
tree: 80fa2cc61e12a5b5e5647ed29aa31eab9254a037
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README