qiurui
/
linux-kernelorg-stable
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-kernelorg-stable/security/integrity/ima
History
Linus Torvalds 777f817160 integrity-v6.19 
-----BEGIN PGP SIGNATURE-----
 
 iIoEABYKADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCaS896BQcem9oYXJAbGlu
 dXguaWJtLmNvbQAKCRDLwZzRsCrn5RDuAQDx4fmvctP8kc9PeRjd5X/UV1ip1pPD
 beMKt8ghEThQiAEAzjFJbNGUDKhfR8yWODifAvYRurU5YQJZZI9wJ8skNw0=
 =3Vc4
 -----END PGP SIGNATURE-----

Merge tag 'integrity-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:
 "Bug fixes:

   - defer credentials checking from the bprm_check_security hook to the
     bprm_creds_from_file security hook

   - properly ignore IMA policy rules based on undefined SELinux labels

  IMA policy rule extensions:

   - extend IMA to limit including file hashes in the audit logs
     (dont_audit action)

   - define a new filesystem subtype policy option (fs_subtype)

  Misc:

   - extend IMA to support in-kernel module decompression by deferring
     the IMA signature verification in kernel_read_file() to after the
     kernel module is decompressed"

* tag 'integrity-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: Handle error code returned by ima_filter_rule_match()
  ima: Access decompressed kernel module to verify appended signature
  ima: add fs_subtype condition for distinguishing FUSE instances
  ima: add dont_audit action to suppress audit actions
  ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook
 		2025-12-03 11:08:03 -08:00
..
Kconfig ima: make the kexec extra memory configurable 2025-04-29 15:54:54 -04:00
Makefile ima: Make it independent from 'integrity' LSM 2024-02-15 23:43:47 -05:00
ima.h ima: measure kexec load and exec events as critical data 2025-04-29 15:54:54 -04:00
ima_api.c lsm: use lsm_prop in security_current_getsecid 2024-10-11 14:34:14 -04:00
ima_appraise.c ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr 2025-10-03 07:50:56 -04:00
ima_asymmetric_keys.c
ima_crypto.c ima: add crypto agility support for template-hash algorithm 2024-04-12 09:59:04 -04:00
ima_efi.c ima: require signed IMA policy when UEFI secure boot is enabled 2023-08-01 08:18:11 -04:00
ima_fs.c ima,evm: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
ima_iint.c lsm: add the inode_free_security_rcu() LSM implementation hook 2024-08-12 15:35:04 -04:00
ima_init.c ima: Suspend PCR extends and log appends when rebooting 2024-12-11 11:55:53 -05:00
ima_kexec.c ima: do not copy measurement list to kdump kernel 2025-05-14 06:40:09 -04:00
ima_main.c integrity-v6.19 2025-12-03 11:08:03 -08:00
ima_modsig.c ima: Add __counted_by for struct modsig and use struct_size() 2023-10-20 10:52:41 -07:00
ima_mok.c
ima_policy.c ima: Handle error code returned by ima_filter_rule_match() 2025-11-21 07:24:01 -05:00
ima_queue.c ima: measure kexec load and exec events as critical data 2025-04-29 15:54:54 -04:00
ima_queue_keys.c
ima_template.c
ima_template_lib.c ima: fix buffer overrun in ima_eventdigest_init_common 2024-10-09 22:49:24 -04:00
ima_template_lib.h