]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ee531c4) | patch
evm: permit mode bits to be updated
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Mon, 22 Aug 2011 13:14:18 +0000 (09:14 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 14 Sep 2011 19:24:52 +0000 (15:24 -0400)
commit4219a61c50bcc078507b49f80abeb3a62e82e437
treec5d29c7db2f8ef93e970cb405621f59c57d01b94tree | snapshot
parentee531c45d3c5a7f8c1e5d134dd22c55992e558dacommit | diff
evm: permit mode bits to be updated

Before permitting 'security.evm' to be updated, 'security.evm' must
exist and be valid.  In the case that there are no existing EVM protected
xattrs, it is safe for posix acls to update the mode bits.

To differentiate between no 'security.evm' xattr and no xattrs used to
calculate 'security.evm', this patch defines INTEGRITY_NOXATTR.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
include/linux/integrity.h diff | blob | history
security/integrity/evm/evm_main.c diff | blob | history
Linux Kernel Source Tree.