public inbox for linux-integrity@vger.kernel.org
* [GIT PULL]  linux-integrity patches for 4.19
@ 2018-07-24 11:00 Mimi Zohar
  2018-07-24 18:45 ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: Mimi Zohar @ 2018-07-24 11:00 UTC (permalink / raw)
  To: James Morris; +Cc: linux-security-module, linux-integrity

Hi James,

This pull request adds support for EVM signatures based on larger
digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to
differentiate the IMA policy rules from the IMA-audit messages,
addresses two deadlocks due to either loading or searching for crypto
algorithms, and cleans up the audit messages.

New to 4.19, but not included in this pull request, is support for a
build time IMA policy.  Build time IMA policy rules are automatically
enabled on boot and persist after loading a custom policy.

Mimi

The following changes since commit 87ea58433208d17295e200d56be5e2a4fe4ce7d6:

  security: check for kstrdup() failure in lsm_append() (2018-07-17 21:27:06 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity

for you to fetch changes up to 3dd0f18c70d94ca2432c78c5735744429f071b0b:

  EVM: fix return value check in evm_write_xattrs() (2018-07-22 14:49:11 -0400)

----------------------------------------------------------------
Matthew Garrett (2):
      evm: Don't deadlock if a crypto algorithm is unavailable
      evm: Allow non-SHA1 digital signatures

Mikhail Kurinnoi (1):
      integrity: prevent deadlock during digsig verification.

Stefan Berger (4):
      ima: Call audit_log_string() rather than logging it untrusted
      ima: Use audit_log_format() rather than audit_log_string()
      ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
      ima: Differentiate auditing policy rules from "audit" actions

Sudeep Holla (1):
      integrity: silence warning when CONFIG_SECURITYFS is not enabled

Wei Yongjun (1):
      EVM: fix return value check in evm_write_xattrs()

 crypto/api.c                           |  2 +-
 include/linux/crypto.h                 |  5 ++++
 include/linux/integrity.h              | 13 +++++++++
 include/uapi/linux/audit.h             |  1 +
 security/integrity/digsig_asymmetric.c | 23 ++++++++++++++++
 security/integrity/evm/Kconfig         |  1 +
 security/integrity/evm/evm.h           | 10 +++++--
 security/integrity/evm/evm_crypto.c    | 50 ++++++++++++++++++----------------
 security/integrity/evm/evm_main.c      | 19 ++++++++-----
 security/integrity/evm/evm_secfs.c     |  4 +--
 security/integrity/iint.c              |  9 ++++--
 security/integrity/ima/Kconfig         |  1 +
 security/integrity/ima/ima_policy.c    |  9 ++++--
 security/integrity/integrity.h         | 15 ++++++++++
 security/integrity/integrity_audit.c   |  6 +---
 security/security.c                    |  7 ++++-
 16 files changed, 128 insertions(+), 47 deletions(-)

* Re: [GIT PULL]  linux-integrity patches for 4.19
  2018-07-24 11:00 [GIT PULL] linux-integrity patches for 4.19 Mimi Zohar
@ 2018-07-24 18:45 ` James Morris
  2018-07-24 18:46   ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: James Morris @ 2018-07-24 18:45 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-security-module, linux-integrity

On Tue, 24 Jul 2018, Mimi Zohar wrote:

> Hi James,
> 
> This pull request adds support for EVM signatures based on larger
> digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to
> differentiate the IMA policy rules from the IMA-audit messages,
> addresses two deadlocks due to either loading or searching for crypto
> algorithms, and cleans up the audit messages.
> 
> New to 4.19, but not included in this pull request, is support for a
> build time IMA policy.  Build time IMA policy rules are automatically
> enabled on boot and persist after loading a custom policy.
> 

Thanks, merge to next-general and next-testing.


-- 
James Morris
<jmorris@namei.org>

* Re: [GIT PULL]  linux-integrity patches for 4.19
  2018-07-24 18:45 ` James Morris
@ 2018-07-24 18:46   ` James Morris
  0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2018-07-24 18:46 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-security-module, linux-integrity

On Wed, 25 Jul 2018, James Morris wrote:

> On Tue, 24 Jul 2018, Mimi Zohar wrote:
> 
> > Hi James,
> > 
> > This pull request adds support for EVM signatures based on larger
> > digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to
> > differentiate the IMA policy rules from the IMA-audit messages,
> > addresses two deadlocks due to either loading or searching for crypto
> > algorithms, and cleans up the audit messages.
> > 
> > New to 4.19, but not included in this pull request, is support for a
> > build time IMA policy.  Build time IMA policy rules are automatically
> > enabled on boot and persist after loading a custom policy.
> > 
> 
> merged


-- 
James Morris
<jmorris@namei.org>
