git.baikalelectronics.ru Git - kernel.git/commit

Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity subsystem updates from Mimi Zohar:

- Limit the allowed hash algorithms when writing security.ima xattrs or
   verifying them, based on the IMA policy and the configured hash
   algorithms.

- Return the calculated "critical data" measurement hash and size to
   avoid code duplication. (Preparatory change for a proposed LSM.)

- and a single patch to address a compiler warning.

* tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  IMA: reject unknown hash algorithms in ima_get_hash_algo
  IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms
  IMA: introduce a new policy option func=SETXATTR_CHECK
  IMA: add a policy option to restrict xattr hash algorithms on appraisal
  IMA: add support to restrict the hash algorithms used for file appraisal
  IMA: block writes of the security.ima xattr with unsupported algorithms
  IMA: remove the dependency on CRYPTO_MD5
  ima: Add digest and digest_len params to the functions to measure a buffer
  ima: Return int in the functions to measure a buffer
  ima: Introduce ima_get_current_hash_algo()
  IMA: remove -Wmissing-prototypes warning

author	Linus Torvalds <torvalds@linux-foundation.org>
	Thu, 2 Sep 2021 19:51:41 +0000 (12:51 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Thu, 2 Sep 2021 19:51:41 +0000 (12:51 -0700)
commit	3957febaf58606f5da9f02ef26cdeeb739c10aaf
tree	b73cc5720eaace0398610dbd0dd9074513640a1c	tree \| snapshot
parent	c49d3611ff3ba20acb8acf7b48b1260fc499072f	commit \| diff
parent	da1876856c9f66960e75f57a27759c10aab900d4	commit \| diff

drivers/md/dm-ima.c	diff1 \|	\|	blob \| history
security/integrity/ima/ima_main.c	diff1 \|	diff2 \|	blob \| history